Last week, Catch Of The Day admitted to a data breach involving the loss of usernames, email addresses, hashed passwords and credit card data. What's more, it waited three whole years to disclose this information to customers. If you're as annoyed with the company as we are, you'll want to cancel your account. Here's how.
Trash image via Shutterstock
If you're late to the news, let us bring you up to date. At 5:30pm AEST on Friday, daily deal site Catch of the Day decided it would be a good idea to notify users of a data breach. It sent out what it deemed an "Important Notice" email, outlining the extent of the breach, adding that it happened three years ago.
The company believes “names, delivery addresses [and] email addresses”, as well as encrypted passwords and “in some cases” credit card data, were comprised during the attack. Fair enough you might say, letting people know you’ve been hacked.
The email does not explain why it took so long for the company to inform affected users of the breach, which occurred in “late April and early May 2011″, though it does attempt to deflect by stating that police, banks and credit card companies were notified and the site has since undergone "major upgrades” to secure customer information.
It goes on to explain that only accounts created before 7 May 2011 were affected and that those who fall on the wrong side of this date should change their password (if they haven’t already done so). Despite only storing a salted hash of users’ passwords, CotD is concerned that “technological advances” can allow determined parties to decrypt these hashes.
In regards to compromised credit card data, the email says a “relatively small portion of users” have anything to worry about, though providers apparently cancelled jeopardised cards shortly after the breach.
Ugh, So How Do I Get Out?
Therein lies the rub: Catch of the Day won't give users an easy way to cancel their membership. After 30 minutes of clicking around the CotD site, we've found that there's no way for you to submit a request for your account to be cancelled.
The only way you're going to be able to cancel your account is by jumping onto a conversation with CotD's "Live Chat" help department.
Catch is telling people that accounts are usually cancelled within 48 hours, but that could just be a simple deactivation process rather than actually deleting all of your information (which would be more ideal).
It's a process that requires more patience than you probably have time for, but it might be worth it to prevent your data wandering off again.
This article originally appeared on Gizmodo.