You are viewing a single comment's thread.

view the rest of the comments →

0
2

[–] SkepticalMartian 0 points 2 points (+2|-0) ago  (edited ago)

I don't expect most people here to really understand how these things work, but reporting these issues to your customers is rarely as simple as "phone up the PR department and issue a statement" moments after the issue is found.

It takes time to figure out the scope and size of a problem. Sometimes what caused the issue is not always obvious, and you really want to be sure you know what you're talking about before making a public statement.

Not only that, but you have to consider the hierarchy involved. A programmer can't make a statement on behalf of the company, nor should he. This is far more likely to get you fired than making an honest mistake. Also consider it occurred during a period when a large portion of the company was likely on holidays. All this cross communication, and hunting down people who may or may not be working due to the holiday takes time.

0
1

[–] ChillyHellion 0 points 1 points (+1|-0) ago 

hey, I wanted to follow up on your comment because it looks like you're exactly right; Valve has issued a more detailed statement about the exposed data, including its personal nature and a few more details on the nature of the issue. Great call on this one; your thoughts on internal hierarchy and needing to collect more details are probably the best explanation for the delay.

0
1

[–] SkepticalMartian 0 points 1 points (+1|-0) ago  (edited ago)

Always ask yourself how many assumptions you're making about a given situation. Are they reasonable assumptions? Are they assumptions supported by precedent? People on the internet tend to make a lot of them. The free speech we enjoy here is a great thing, but it means less if we don't think critically before using it.

0
1

[–] ChillyHellion 0 points 1 points (+1|-0) ago 

Those are good points. There are risks in making a statement before you're sure of the situation, and releasing a statement that's above your pay grade. You've changed my mind about the lack of communication during the event.

I do still have a problem with their issued statement after the fact. It reads like "there's nothing to worry about because it's just a caching problem and we fixed it", when the real problem is that the cached data contained personal information. Whether that leak of personal information is a problem or not should be addressed one way or another. If it's not a problem, they shouldn't be afraid to say that, and explain why. "cached page information" just seems like downplaying the issue with the hopes that people won't think about what the data actually is.