Jonkman Microblog
Conversation

Notices

  1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Friday, 30-Apr-2021 20:44:24 EDT
    Reading about https://lowendbox.com/blog/digitalocean-customer-billing-data-exposed-in-security-breach/ again brought something to mind.

    I'm sure most companies don't keep the full card info around, but instead are given a handle that enables them to charge the card each month without keeping dangerous info around. (Handle is my word for something I surmise exists but have no proof thereof.)

    None of the articles I've seen mention the existence of such a thing, and therefore, don't say whether that information was also compromised.

    I mention it because I haven't heard anyone talking about having to replace their cards or to cancel and restart monthly #DigitalOcean billing.

    One last thing. Historically, when a company is breached, they say "the incident only affected a small subset of our users / customers", then that subset gets larger and larger over time. In some cases, the subset eventually comprises the entire user / customer base.
    Attachment: DigitalOcean Customer Billing Data Exposed in Security Breach, by raindog308, from Low End Box
    1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Friday, 30-Apr-2021 21:51:59 EDT, in reply to @lnxw48a1
      I think this is what you are thinking of.

      Use Tokenization to Reduce PCI Scope | PCI Compliance Guide
      https://www.pcicomplianceguide.org/how-you-can-use-tokenization-to-reduce-pci-scope/

      >What is Tokenization?
      >
      >Tokenization is the process of swapping highly-sensitive personal payment data for a ‘token’, which comprises a number of random digits that cannot be restored back to their original value.
      Attachment: Use Tokenization to Reduce PCI Scope | PCI Compliance Guide, from PCI Compliance Guide
        Every business that handles the financial data of their customers is looking for ways to limit their PCI scope. Have you considered tokenization?
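
What a merchant ends up storing under the tokenization scheme linked above, as an added example that is not part of either post and not any real processor's API. `ProcessorVault`, `MerchantBilling`, the merchant-bound token check and the card number are all constructed for illustration.

```python
import secrets

class ProcessorVault:
    """Constructed stand-in for the card processor's side; not a real API."""

    def __init__(self):
        self._vault = {}  # token -> (merchant_id, PAN); never leaves the processor

    def tokenize(self, merchant_id, pan):
        # Random digits with no mathematical link to the PAN, so the token
        # cannot be "restored" without access to this vault.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token != pan and token not in self._vault:
                break
        self._vault[token] = (merchant_id, pan)
        return token

    def charge(self, merchant_id, token, cents):
        # Assumption: tokens are bound to the merchant that requested them.
        owner, _pan = self._vault.get(token, (None, None))
        return owner == merchant_id and cents > 0


class MerchantBilling:
    """What the hosting company keeps in order to bill every month."""

    def __init__(self, merchant_id, processor):
        self.merchant_id = merchant_id
        self.processor = processor
        self.records = {}  # customer -> token, last four digits, expiry

    def add_card(self, customer, pan, expiry):
        token = self.processor.tokenize(self.merchant_id, pan)
        self.records[customer] = {"token": token, "last4": pan[-4:], "expiry": expiry}

    def monthly_charge(self, customer, cents):
        return self.processor.charge(self.merchant_id, self.records[customer]["token"], cents)


def breach_exposure(merchant):
    """Fields an intruder gets by copying the merchant's billing records."""
    return [dict(row) for row in merchant.records.values()]


if __name__ == "__main__":
    vault = ProcessorVault()
    shop = MerchantBilling("merchant-A", vault)
    shop.add_card("alice", "4111111111111111", "12/30")  # constructed test number
    print(breach_exposure(shop))
```
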
Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.