"we areinvestigating"backtrackingonstatementsignore itand hopeit goesawaypublic s3 /elasticsearch"thereare noissues"easilydisprovedlienot fixeduntilpubliclydisclosed"it wasonly for afewminutes"threatento callpolice onwhite hat"ourapp/websiteexperiencedsomeissues""[the whitehat] isbreakingthe law"more usersaffected thaninitiallythought"highlysophisticatedattacker"(dude withchromeinspector)"weweren'tbreached">100kaccountsbreachedplaintextpasswords"nobodyisperfect""someone'sout to getus"data privacycommissionernot notified intime"don'tworryyour datais safe""no evidence itwas exploited"(because therewere no logs)"only asmallportion ofour users"nosecurityteamreally easy,like reallyeasy toexploit"we areinvestigating"backtrackingonstatementsignore itand hopeit goesawaypublic s3 /elasticsearch"thereare noissues"easilydisprovedlienot fixeduntilpubliclydisclosed"it wasonly for afewminutes"threatento callpolice onwhite hat"ourapp/websiteexperiencedsomeissues""[the whitehat] isbreakingthe law"more usersaffected thaninitiallythought"highlysophisticatedattacker"(dude withchromeinspector)"weweren'tbreached">100kaccountsbreachedplaintextpasswords"nobodyisperfect""someone'sout to getus"data privacycommissionernot notified intime"don'tworryyour datais safe""no evidence itwas exploited"(because therewere no logs)"only asmallportion ofour users"nosecurityteamreally easy,like reallyeasy toexploit

Data Breach Bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. "we are investigating"
  2. backtracking on statements
  3. ignore it and hope it goes away
  4. public s3 / elasticsearch
  5. "there are no issues"
  6. easily disproved lie
  7. not fixed until publicly disclosed
  8. "it was only for a few minutes"
  9. threaten to call police on white hat
  10. "our app/website experienced some issues"
  11. "[the white hat] is breaking the law"
  12. more users affected than initially thought
  13. "highly sophisticated attacker" (dude with chrome inspector)
  14. "we weren't breached"
  15. >100k accounts breached
  16. plaintext passwords
  17. "nobody is perfect"
  18. "someone's out to get us"
  19. data privacy commissioner not notified in time
  20. "don't worry your data is safe"
  21. "no evidence it was exploited" (because there were no logs)
  22. "only a small portion of our users"
  23. no security team
  24. really easy, like really easy to exploit