Security Update: Isolated Document Incident

I'm working late tonight, largely in part to this situation, and want to clear a few things up - as our new PR person has left for the night...
We immediately met and discussed this situation this morning. We then responded in many ways - primarily with an open letter apologizing profusely and assigning specific blame (so no one is hiding - our PR person already accepted blame)- but further more we responded to every email and message. I responded to most myself and I also commented throughout the day on the Forums. We had another staff meeting mid-afternoon. We've spent the remainder of the day continuing to email our members. Now, let me reassure you: *** IF YOU HAVE NOT RECEIVED AN EMAIL FROM EDENFANTASYS BY NOON TOMORROW THEN YOU WERE NOT ON THE LIST *** therefore, none of your info was in any way compromised. Please stop making such broad assumptions. We have apologized, disciplinary action was taken and it has been a damn serious and rough day around here. No one in this office is taking it lightly or being disingenuous. And frankly, for this being only my fourth day with the company, I've done a lot of public apologizing for something I personally had nothing at all to do with...I think it's worth it, though, because I do truly want to convey my concern to all of you and I hope for this matter to be closed so that we can get past it. Until it's put to rest, the community keeps suffering. I hope you see it that way too. less

Five minutes ago was the first I heard of this problem. This post by Victoria is one of the most reasonable on the thread. I am, too, still trying to track and understand most of the situation.

1. The moment that Eden found out about the problem they should have sent email, not posted this on the forum. I think that's a crappy way to deal with a problem with a public announcement in a venue not everyone reads. (Further complicating the issue with.. "send an email to the program manager to find out if you were on the document."

2. Any company that is trying to protect secure information of any sort should flat out know better than to use something like Google documents or any other off site storage or utilities.

Memory is cheap. Firewalls exist for a reason. There is something called an "Intranet."

I can believe this is an accident. I do not accept that everyone in either the Eden community or the Blogger community is respectable. Nor do I believe that there are not people that would not deliberately harm certain other individuals. (Unfortunate, malicious and petty though that is.) Blogging is it's own risk, and you deal with that your own way. You do however expect a much higher standard from a business.

This makes me rethink the security of Eden in general if they have ever had such procedures. Including credit card usage. I'm just not impressed.

The point is very real. The forums, the review of sex toys, etc... can actually cause some of us to risk our jobs. I had come to feel very secure here recently.

What I have not seen is exactly what type of information was on that document. I think an example needs to be published that is now clean. Otherwise assumptions are being made. less

Betty wrote: "This utter irresponsibility with the private information of the people you depend on to sell your products is HORRIFIC."

I really understand your concerns, but let's put things in perspective a BIT.

link

link

link

I'm not trivializing EF's security leak at all, but I am confident it was a limited, accidental leak and quickly 'mended.' If we can't trust the US Air Force or the British or American government to look after our info...

We have blogs and we should therefore take some responsibility for placing ourselves in a vulnerable situation on the Internet in the first place. As I said, I know plenty of people (over five) who had sex blogs they pulled because of 'real life' crossing into their 'blog life.'

You can expect EF to do everything they can to keep things private and I don't see what else they could have done in this circumstance. less

You're kidding. An article from 2006? That's not the point. I EXPECT a business that I work with to pay attention to security. When mistakes happen, everyone here expects an adequate follow up. In my mind, EF did not do EVERYTHING they could to keep things private. (I forgive an individual for making mistakes), but I read AAG's probably account of how this screw up happened and it's pretty straightforward if she's right.

There's already security information out there about Google Calendar. Anyway with any brains should know that Google links everything, and there would be a damn good chance of security leaks with anything else.

I'm sorry Eden. This entire even screams "Too cheap to do actually pay attention to security." less

Just my $.02. It's not unrealistic to expect EF to guard our privacy. However, it is realistic that mistakes happen.



Now, this is a huge mistake. As several people have mentioned, there were many ways to get around using a file open to everyone on the internet. Whether it be a simple password protection, using a thumb drive or even uploading it to the EF servers and only allowing specific access. As someone who has owned several websites, none of them the magnitude of EF I feel this is a horrible lapse in judgment. I would like to think my amateur self would be above it but, the truth is, accidents happen. So I see where Red Roulette is coming from.

On the other hand, this is a potentially costly accident. I might only be a little embarrassed if such information were released to the world at large but some could stand to lose their jobs and reputations. That is a serious implication. Furthermore, for such delicate information to be released by a company which strives to be respectable and trustworthy, I cannot help but wonder if my credit card information is really safe.

Regardless, the error has been committed. What we need now is action from EF and from what I've seen, the team is trying hard to do that. I do not doubt this has been a very stressful weekend for Victoria. I also do not doubt that she has been genuine with her concern.

I do doubt that posting on the forums was the best way to handle this. At the very least, an e-mail should have gone out. less

I agree with posters who say EVERYONE should get an email about this. This is a company issue, not just an issue with specific bloggers. I am still waiting for some sort of apology or explanation as to why the original forum post did not mention that the document had REAL NAMES and ADDRESSES on it. I am also still waiting for an actual explanation as to how this occurred! Was it password-protected but somehow a URL with a username/password embedded in it exists? Or was it not password-protected at all? less

I agree with posters who say EVERYONE should get an email about this. This is a company issue, not just an issue with specific bloggers. I am still waiting for some sort of apology or explanation as to why the original forum post did not mention that the document had REAL NAMES and ADDRESSES on it. I am also still waiting for an actual explanation as to how this occurred! Was it password-protected but somehow a URL with a username/password embedded in it exists? Or was it not password-protected at all? less

I'm working late tonight, largely in part to this situation, and want to clear a few things up - as our new PR person has left for the night...
We immediately met and discussed this situation this morning. We then responded in many ways - primarily with an open letter apologizing profusely and assigning specific blame (so no one is hiding - our PR person already accepted blame)- but further more we responded to every email and message. I responded to most myself and I also commented throughout the day on the Forums. We had another staff meeting mid-afternoon. We've spent the remainder of the day continuing to email our members. Now, let me reassure you: *** IF YOU HAVE NOT RECEIVED AN EMAIL FROM EDENFANTASYS BY NOON TOMORROW THEN YOU WERE NOT ON THE LIST *** therefore, none of your info was in any way compromised. Please stop making such broad assumptions. We have apologized, disciplinary action was taken and it has been a damn serious and rough day around here. No one in this office is taking it lightly or being disingenuous. And frankly, for this being only my fourth day with the company, I've done a lot of public apologizing for something I personally had nothing at all to do with...I think it's worth it, though, because I do truly want to convey my concern to all of you and I hope for this matter to be closed so that we can get past it. Until it's put to rest, the community keeps suffering. I hope you see it that way too. less