NEW YORK, New York. In early October, 2007, the Liberty Coalition discovered a file containing what appears to be the names, genders, dates of birth, salary information, e-mail addresses, t-shirt sizes, and contact information for approximately 1,010 Cracked.com subscribers. The file was available to the online public, and was not password-protected, encrypted, behind a firewall, nor require authentication to access. The exposure contradicted Cracked.com’s already weak Privacy Policy,
“We use commercially reasonable efforts to safeguard and secure your personal information while stored on our computer systems. We use a variety of industry standard security measures, including encryption and authentication tools, to maintain the confidentiality of your personal information. Your personal information is stored behind industry standard firewalls and is only accessible by a limited number of persons who are authorized to access such systems, and are required to keep the information confidential.” (Accessed 11 October 2007)
However, presumably in response to this breach, Cracked.com has since changed its privacy policy to disclaim all responsibility for exposing customer data:
“We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. HOWEVER, WE DO NOT GUARANTEE SECURITY. Neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes or fail to follow policies. If applicable law imposes any non-disclaimable duty (if any), you agree that the standard used to measure our compliance with that duty will be one of intentional misconduct.”
Translation: “We screwed up, and we’re not going to take any responsibility for it unless you sue us. You’re on your own if we put you at risk.”
By the time the file was discovered, it had already been removed from cracked.com, but continued to be available through Google’s cache. Cracked.com was notified of the breach, and they subsequently changed their privacy policy.
You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.
About SSNBreach.org
SSNBreach.org is a free online directory of victims of personal information breach, that tells you whether your personal information
has been exposed.
SSNBreach.org does NOT contain sensitive data, such as Social
Security Numbers (SSN), Birth Dates, Addresses, and the like. Consequently, there is no way to search for your SSN or any other
type of sensitive data on SSNBreach.org. Instead of storing sensitive information, we document what information was exposed, and the
situation surrounding the breach. This information allows victims to further investigate, take action, or correct any harm from the
exposure.