We have news that impacts some of our customers.
About 15% of our customers need to re-enter their payment data if they want to continue as members of OSTraining.
This blog post explains what happened, why it happened and what we're doing to make things right.
Why Some Customers Need to Re-enter Payment Data
In order to process OSTraining subscriptions accurately, we rely on a service called Recurly. Earlier this year, I wrote an article about the difficulties with subscriptions and explained that we used Recurly to overcome many of them ( link ).
Unfortunately, last month, Recurly managed to lose the encryption keys they used to access stored payment information ( link ). In other words, even they weren't able to access customer payment information. They lost access to our customer data, but also the customer data for Adobe, Linkedin, Brightcove, Fox News and many more. Absolutely no customer data was exposed, hacked or accessed by anyone unauthorized. Instead, the problem was that, after the hardware failure, the data was no longer accessible.
With the help of Recurly, we have managed to recover 85% of our customer data by working with our payment gateways PayPal and Authorize.net.
Unfortunately, Authorize.net was not able to recover payment information from more than 6 months back. It is those Authorize.net accounts older than 6 months that could not be recovered.
How Does this Impact OSTraining Customers?
- If you are one of the 15% and want to continue as an OSTraining member: You will already have received an email. Click the link in that email, and you'll be able to quickly and easily fill in your payment information again. As an apology, we're going to apply a 20% discount to your next membership period.
- If you are one of the 15% and do not want to continue as an OSTraining member: ignore the email and do nothing. Your membership will end after the time you have already paid for.
- If you are one of the 85%: this won't impact you at all. If you haven't yet received, you are one of the 85%.
We apologize to all of you who are impacted by this. We didn't directly cause the loss of the encryption keys, but we are responsible for choosing our technology partners and we chose Recurly.
Recurly is improving their infrastructure ( link ). We need to evaluate those improvements and decide whether to rely on them to handle our payment processing over the long-term.
As a reminder, at no time was any data lost, hacked or accessed by anyone un-authorized.
If you have any questions, please feel free to email firstname.lastname@example.org or call us on +1 678-830-2168.