"we areinvestigating""ourapp/websiteexperiencedsomeissues""only asmallportion ofour users"plaintextpasswordsmore usersaffected thaninitiallythought"nobodyisperfect"ignore itand hopeit goesawaythreatento callpolice onwhite hatbacktrackingonstatementspublic s3 /elasticsearch"don'tworryyour datais safe""[the whitehat] isbreakingthe law""no evidence itwas exploited"(because therewere no logs)"thereare noissues""it wasonly for afewminutes""someone'sout to getus""weweren'tbreached">100kaccountsbreached"highlysophisticatedattacker"(dude withchromeinspector)not fixeduntilpubliclydiscloseddata privacycommissionernot notified intimeeasilydisprovedlienosecurityteamreally easy,like reallyeasy toexploit"we areinvestigating""ourapp/websiteexperiencedsomeissues""only asmallportion ofour users"plaintextpasswordsmore usersaffected thaninitiallythought"nobodyisperfect"ignore itand hopeit goesawaythreatento callpolice onwhite hatbacktrackingonstatementspublic s3 /elasticsearch"don'tworryyour datais safe""[the whitehat] isbreakingthe law""no evidence itwas exploited"(because therewere no logs)"thereare noissues""it wasonly for afewminutes""someone'sout to getus""weweren'tbreached">100kaccountsbreached"highlysophisticatedattacker"(dude withchromeinspector)not fixeduntilpubliclydiscloseddata privacycommissionernot notified intimeeasilydisprovedlienosecurityteamreally easy,like reallyeasy toexploit

Data Breach Bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. "we are investigating"
  2. "our app/website experienced some issues"
  3. "only a small portion of our users"
  4. plaintext passwords
  5. more users affected than initially thought
  6. "nobody is perfect"
  7. ignore it and hope it goes away
  8. threaten to call police on white hat
  9. backtracking on statements
  10. public s3 / elasticsearch
  11. "don't worry your data is safe"
  12. "[the white hat] is breaking the law"
  13. "no evidence it was exploited" (because there were no logs)
  14. "there are no issues"
  15. "it was only for a few minutes"
  16. "someone's out to get us"
  17. "we weren't breached"
  18. >100k accounts breached
  19. "highly sophisticated attacker" (dude with chrome inspector)
  20. not fixed until publicly disclosed
  21. data privacy commissioner not notified in time
  22. easily disproved lie
  23. no security team
  24. really easy, like really easy to exploit