500px Data Breach on "Deleted" accounts...

[Harlequin565]

So 500px have had a data breach, and need to reset passwords.

Thing is I deleted my account over a year ago. Seems like other ex-users are having the same issue. I guess 500px like to hang on to your data.

Anyone else with deleted accounts get the email this morning?

[/grumpiness]

 

[simon ess]

Yes same here. Deleted account a long time ago.

 

[srichards]

Yes. Yet another site that wants far too much information. DOB isn't necessary to anything they do and they don't need to store it in full. Month and Year would be perfectly fine.

I'm bored with all these data breaches. I used to put in fake data in the early days. I may have to consider doing that again but I kept forgetting whether I'd put in real or fake!

 

[ancient_mariner]

Looks like it's all accounts - I've just had a email asking me to reset & disclosing data breach details.

 

[Pound Coin]

Never give your real date of birth, unless it really is for ID.

Apparently 1/4 or all internet users were born on January 1st!

 

[Harlequin565]

Looks like it's all accounts - I've just had a email asking me to reset & disclosing data breach details.

It's fine if it's an account you've got in good standing with them (well it's not fine, but you know what I mean). My issue is that I deleted my account and they still have my details.
No reply to my "why have you still got my email address and when will you be deleting it" query.

 

[srichards]

I wonder if this not removing deleted accounts might be against the GDPR?

 

[Harlequin565]

Probably. Keeping data when you're not supposed to is pretty much what GDPR was designed for. Account deletion should mean just that.

They should do what eBay do which is make it impossible.

 

[minh0204]

It's likely they simply flag the account as deleted, like 99.99% of user management systems out there. But I guess depending on whether you delete the account before or after GDPR went in effect, they might be in breach.

 

[simon ess]

They don't say the account is deleted. They say it's deactivated. Does that make a difference?

 

[petersmart]

They don't say the account is deleted. They say it's deactivated. Does that make a difference?

Deactivated normally means that the account is dormant, not totally deleted, so can be re-activated if desired at any time (or the bill is paid!)

 

[simon ess]

Deactivated normally means that the account is dormant, not totally deleted, so can be re-activated if desired at any time (or the bill is paid!)

Yes, that's the point I think.

Edit - My question may not have been clear - sorry.

I meant does it make a difference with regard to GDPR

 

[Harlequin565]

They don't say the account is deleted. They say it's deactivated. Does that make a difference?

Yes. There's another step to go through to delete it. Contact customer care once it's deactivated if I remember correctly. But there's no point because they don't do it.