"[the whitehat] isbreakingthe law">100kaccountsbreached"don'tworryyour datais safe""someone'sout to getus"more usersaffected thaninitiallythoughtpublic s3 /elasticsearchdata privacycommissionernot notified intime"we areinvestigating"easilydisprovedlie"weweren'tbreached""thereare noissues""ourapp/websiteexperiencedsomeissues"really easy,like reallyeasy toexploitignore itand hopeit goesaway"highlysophisticatedattacker"(dude withchromeinspector)plaintextpasswords"no evidence itwas exploited"(because therewere no logs)"it wasonly for afewminutes"backtrackingonstatements"nobodyisperfect"threatento callpolice onwhite hatnot fixeduntilpubliclydisclosed"only asmallportion ofour users"nosecurityteam"[the whitehat] isbreakingthe law">100kaccountsbreached"don'tworryyour datais safe""someone'sout to getus"more usersaffected thaninitiallythoughtpublic s3 /elasticsearchdata privacycommissionernot notified intime"we areinvestigating"easilydisprovedlie"weweren'tbreached""thereare noissues""ourapp/websiteexperiencedsomeissues"really easy,like reallyeasy toexploitignore itand hopeit goesaway"highlysophisticatedattacker"(dude withchromeinspector)plaintextpasswords"no evidence itwas exploited"(because therewere no logs)"it wasonly for afewminutes"backtrackingonstatements"nobodyisperfect"threatento callpolice onwhite hatnot fixeduntilpubliclydisclosed"only asmallportion ofour users"nosecurityteam

Data Breach Bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. "[the white hat] is breaking the law"
  2. >100k accounts breached
  3. "don't worry your data is safe"
  4. "someone's out to get us"
  5. more users affected than initially thought
  6. public s3 / elasticsearch
  7. data privacy commissioner not notified in time
  8. "we are investigating"
  9. easily disproved lie
  10. "we weren't breached"
  11. "there are no issues"
  12. "our app/website experienced some issues"
  13. really easy, like really easy to exploit
  14. ignore it and hope it goes away
  15. "highly sophisticated attacker" (dude with chrome inspector)
  16. plaintext passwords
  17. "no evidence it was exploited" (because there were no logs)
  18. "it was only for a few minutes"
  19. backtracking on statements
  20. "nobody is perfect"
  21. threaten to call police on white hat
  22. not fixed until publicly disclosed
  23. "only a small portion of our users"
  24. no security team