You may also call me or contact me securely on Signal: +1.516.776.7756.
I am also on Twitter pretty much every day @PogoWasRight.
Other platforms available on request.
If You Get an Email from This Site or a Phone Call:
On a regular basis, I am contacted by researchers and asked to help notify companies or entities who have a data leak or breach that they do not know about. In such circumstances, I generally try email or a site’s on-site contact form if they have one. I may also use the phone.
I understand that in this day and age, people are suspicious of what they might fear are phishing attempts. So look at the email carefully. You will not be able to tell anything about my location because of the email service I use, but I do include my phone number, and I use the same phone number for this site: +1 516-776-7756. Any email will come from the databreaches.net domain.
Some emails may be signed with my real name while some may just be from “Dissent” or “admin.” If you see a real name and google it, you may erroneously think I’m a psychologist in California. I’m not. She and I just have the same name.
Still uncertain as to whether it’s a phish? Contact me on Twitter where I am @PogoWasRight to ask if I emailed you or called you.
Please note that notifying you of your leak or data security problem is not my job. And it is not my job to keep trying to get through to you to make you realize you have a problem. If I have to keep trying, I tend to get testy. I may try contacting your media team on Twitter via DM if they have DMs open. If they don’t, I may start tweeting publicly about why your company isn’t responding to notifications. I do not use Facebook or other platforms.
You can help yourself avoid a PR or regulatory nightmare by ensuring that you have clearly displayed ways for people to notify you of any data security concerns and by training your staff to escalate notifications. If they are concerned that the notifications are fake or a potential scam, they should not click on any links, but they should still get a supervisor involved or someone who can pursue the notice to determine if it’s real.
I hope I never have to contact you, but if I do, I hope you take the notification seriously.
This page was last updated on June 17, 2020.