I feel like I need to do a video on this breach event.

A little on the breach itself, 'cause that's probably interesting, but mostly on the way it's disclosed and responded to.

We publicly announced pretty quickly by any measure and have been pretty transparent so far (more transparency coming soon) and the response has been mostly "Fuck that sucks, thanks for working to fix it" rather than "POOF THAT PHP IS TEH SUX". There's some of that, but precious little.


Pay attention corporations. This is how you preserve trust in a situation where you're inevitably going to lose some. Just treat everyone involved like a fucking adult and take your slaps on the wrist.

We fucked up by trying to maintain our own infra without the resources to do it right. We admitted that mistake to ourselves first, then to the public, and we're acting to fix the underlying problems (including some that weren't an issue yet, but could become ones).

PHP Community on Mastodon

Open source. Open community. We are dedicated to building and enriching the PHP community.