There has been an increase in security breaches this year. This past week, two services I use were compromised - Tumblr and Apple Developer Connection. Both services informed me of the security breach, and one made me feel like they cared, and the other one didn’t. Perhaps I am reading too much into this, but at the very least, it illustrates how important language is in conveying how much we care.

Apple Security Mail

Apple’s mail is clear, concise and inspires confidence in their ability to take care of my information. They state the purpose of this communication, tell me what they did about it, and what they were going to do to fix it in the future. Update: Apparently, it was a whitehat security guy doing his thing.

Tumblr Security Mail

Tumblr, on the other hand, makes a whole bunch of assumptions (NO! I don’t read your staff blog), trivializes the security issue that was in their software (by neglecting to say what it actually is), makes more work for me (change my passwords – for my own good, but nonetheless), insinuates that I should be doing things to take care of my passwords by buying other apps, and finally, throws in a completely insincere apology.

Nowhere do they bother to mention:

  • Why they are getting in touch now
  • What the actual issue is (Some searching online explains why, but they should have mentioned it in the email)
  • That it was Tumblr’s fault (Sniffed in transit... who sends unencoded passwords over HTTP anymore?!)

The nonchalance of it all really bothers me. Another small detail that Apple does well.