Hackers have breached the database of online dating site PlentyOfFish.com, exposing personal and password information on nearly 30 million users, including its founder and administrators. In response, the company has implied that the editor of KrebsOnSecurity.com was involved in an elaborate extortion plot.
Getting hacked is no fun. Learning that you’ve been hacked when a reporter calls is probably even less fun. But for better or worse, I have notified dozens of companies about various breaches over the years, and I’ve learned a few things about how victims respond. Usually, when the company in question responds by implicating you in an alleged extortion scheme, two things become clear:
1) You’re probably not going to get any real answers to your direct questions about the incident, and;
2) The company almost certainly did have a serious breach.