Just a quick rant here. I’ve written it in a couple places already, but I want to share it with you here as well.

I’m seeing lots of people complaining about how bad Twitter was, that they should be punished, how dared their CTO write a message in such a tone, and whatnot. Okay, so some people likely have it right, and I do agree that such huge companies should be more strict about their security practices, how they push new changes and so on. That’s granted and there is no doubt about it.
However, we’ve got to balance the hatred vs the appreciation. We must look at the bigger picture here, because it takes courage to take incident response action and notify customers about the data breach.
As a community we should appreciate such an attitude to encourage companies to be transparent. Blaming and throwing crap at them isn’t a good motivation for them or other companies that may be in the same situation.

You know how many companies cover up their breaches? A TON. Look at giants such as Yahoo and Uber; those companies were hiding their dark secrets for years. So next time you want to throw 100% pure hate against some company that was breached and notified about it ASAP, think about the following: would you rather NOT know that your data was compromised?

We need more balance, my friends. That’s how we can finally create a culture of transparency and trust. InfoSec is no different from any other discipline of life, and when you punish someone for doing good, that’s the quickest way to make them stay in the shadows and not talk to you anymore about their problems.

So had Twitter messed up? Yep, in a BIG way.

Stop your cheap shaming of Twitter. You do no good with the negative attitude.

Had Twitter notified us quickly about the incident? Yep, and huge respect for that.