Someone tweeted that my app is leaking data — what do I do?

The first hour after a public disclosure is what separates a minor incident from a company-ending event.

You wake up to your phone buzzing. A security researcher tweeted screenshots of your app leaking customer data. There's a thread. There are dunks. There are customers asking if their data is safe. You have no idea how long this has been going on.

What happens next

  1. Minute 0-30 — initial triage

    Confirm the vulnerability is real. Check whether it is currently exploitable. Start documenting what you find and when.

  2. Minute 30-60 — stop the bleeding

    Deploy a fix or pull the affected functionality offline. Respond to the researcher thanking them.

  3. Hour 1-24 — communication

    Email affected users. Post a public transparency update. Coordinate with your legal counsel if the breach is notifiable under law.

  4. Week 1 — postmortem

    Publish what happened, what you're doing, how it won't happen again.

Without Securie

You scramble for hours trying to identify the bug, reproduce it, and fix it. Your response is reactive; the news cycle is faster than you are. Customer trust takes a serious hit.

With Securie

Securie would have flagged the bug on the pull request that introduced it. If you install before an incident, this scenario is mostly preempted. If you install after one, Securie's evidence chain helps you demonstrate to customers, press, and regulators what you knew and when you knew it.

Exactly what to do right now

  1. Acknowledge publicly within 30 minutes (even if you don't have details yet)
  2. DM the researcher; offer to coordinate responsible disclosure
  3. Deploy a fix or pull affected functionality offline
  4. Draft a user-facing notice with your legal counsel
  5. Publish a full postmortem within 7 days
  6. Install Securie if you haven't — future incidents of this class get caught pre-merge