Catch Of The Day is on our collective shit-list at the moment after waiting three whole years to disclose a data breach that involved the loss of usernames, email addresses, hashed passwords and credit card data. If you’re as annoyed with them as we are, you’ll want to cancel your account. Here’s how.
Wait, What Happened?
If you’re late to the news, let us bring you up to date:
At 5:30pm AEST on Friday, daily deal site Catch of the Day decided it would be a good idea to notify users of a data breach. It sent out what it deemed an “Important Notice” email, outlining the extent of the breach, adding that it happened three goddamn years ago. Not good.
The company believes “names, delivery addresses [and] email addresses”, as well as encrypted passwords and “in some cases” credit card data, were comprised during the attack. Fair enough you might say, letting people know you’ve been hacked.
The email does not explain why it took so longer for the company to inform affected users of the breach, which occurred in “late April and early May 2011″, though it does attempt to deflect by stating that “police, banks and credit card companies” were notified and the site has since “undergone major upgrades” to secure customer information.
It goes on to explain that only accounts created before 7 May 2011 were affected and that those who fall on the wrong side of this date should change their password (if they haven’t already done so). Despite only storing a salted hash of users’ passwords, CotD is concerned that “technological advances” can allow determined parties to decrypt these hashes.
In regards to compromised credit card data, the email says a “relatively small portion of users” have anything to worry about, though providers apparently cancelled jeopardised cards shortly after the breach.
Ugh, So How Do I Get Out?
Therein lies the rub: not only does Catch of the Day love disrespecting its users, it also won’t give you an easy way off its obnoxious merry-go round.
After 30 minutes of clicking around the CotD site, we’ve found that there’s no way for you to submit a request for your account to be cancelled.
The only way you’re going to be able to cancel your wretched account is by jumping onto a conversation with CotD’s “Live Chat” help department. Ugh.
Catch is telling people that accounts are usually cancelled within 48 hours, but that could just be a simple deactivation process rather than actually deleting all of your information (which would be more ideal).
It’s a process that requires more patience than you probably have time for, but it might be worth it to prevent your data wandering off again.
Logan Booker contributed to this article.
Trash image via Shutterstock