In case you didn't see it yet, I wrote a post on Underneath Stardoll on Monday concerning the issues that happened on Stardoll over the weekend. There was a huge security situation which you can read about here.
Stardoll have finally responded to the letter; here is what they wrote:
Hello, Underneath Stardollians
My name is Camila and I am a member of the Stardoll Staff. I read your open letter to us and I felt the urge to reply. Yes, many of us here read Underneath Stardoll. You guys have many insightful and oftentimes hilarious comments. But you can also be a bit harsh…
Your post “Information Regarding the Hacking Weekend” got me a bit upset because you make us out to be an evil corporation of uncaring people. We’re not. We’re all human beings, with feelings and we are all working really hard and trying our best to please a large and sometimes very tough crowd.
Many things in your post were very informative, but I think you should also hear our side of the story. Don’t get me wrong, a lot of it was pretty much spot on and you guys did a great job of figuring out what was happening. But not all information was correct. And I want to clear that up.
CLEARING THINGS UP
It’s true we started receiving reports about hacked accounts last Friday (the 24th), but we did not ignore these due to our company party. Our Staff Summer Party took place the previous Friday (the 17th), and we posted the video of the celebration on Monday (the 20th).
The Starblogger that you mentioned was not warned for getting in touch with security concerns. In fact, the “warning” you published on your post on was sent on the 21st, two days before the security issues started happening. I know because I sent that warning myself.
Yes. I WAS THE EVIL VILLAIN ALL ALONG. Or something like that.
The thing is, I manage the Starbloggers and that message I sent was not a warning, just a reminder that “with great power come great responsibility” and so on. Let me point out that the comments that led to that message didn’t look quite like the ones you displayed. But seriously, that had nothing to do with the concerned comments many people were writing on social media.
So, just clearing that up.
Now let me talk about the thing you got mostly right (and what really matters) – the security issues that we faced.
THE LAST WEEKEND OF JUNE
The last weekend of June came together with a bank holiday. With people going away for the Midsummer weekend, our staff was left with reduced support capacity for three days. And of course, that’s when two very distinct (but equally important) things happened.
1) Stardoll.com suffered its biggest DDoS attack since these started happening the previous week.
2) We had a security breach and someone posted inappropriate content on a blog post and managed to obtain access to some accounts through this post.
What’s important to understand here is that these things were completely unrelated. The DDoS attacks had no role in endangering your accounts, while the hacking had no effect in the site’s slow loading times or inaccessibility.
The problem is, of course, that these two things combined… really hit us hard, from a technical standpoint. Picture a reserve team of firefighters trying to put out two separate fires going on at the same time. In opposite sides of the city. All that was happening got many of you to start panicking and speculating. And nothing is less helpful in a (figurative) fire than that sort of chaos…
So we were late and didn’t manage to nip the crisis in the bud as we hoped. What I want you to know is that we are truly, madly, deeply sorry about that. We really work hard to make sure you are all protected, but we failed you this time. Please remember we are humans.
Many of you were commenting on the fact that we refuse to apologize or even acknowledge what happened. That’s not true. But we have our reasons to be cautious…
WHY WE ARE RELUCTANT TO DISCLOSE INFORMATION
Our biggest concern is not trying to “sweep things under the rug”, or make more money out of you. It is, and always will be, your safety. Before making any big announcements or telling people to run for the hills, it’s important to figure out what’s actually wrong and make sure the threat doesn’t escalate. As mentioned, you don’t want to create a panic when a fire starts.
Another problem we face is the fact that not all our members are like the crowd here at Underneath Stardoll. This is very important to understand. It seems to me like you all are a bit older, more “knowing” and more mature than our average stardoll. You have to keep in mind that there are lots of children on the site too. And they need extra protection.
For that reason, we can’t just be all like “Oh, did you guys miss the pornography that was posted on the site. Well, let us tell you all about it!”. As many of you helpfully pointed out, pornography has no place in Stardoll.
We are not sure what kind of person wants to put that kind of thing on a site that a lot of kids access, but it did catch a lot of people’s attention. And my guess is that that was the whole purpose. It is only natural that we would not want to give this inappropriate stuff even more exposure.
But the biggest problem with going out with this kind of information too soon is that it opens the door to all sorts of opportunists. And that’s the last thing we want when trying to help actual victims.
SCAMMERS EVERYWHERE
You may have heard by now that we are dealing with the situation. Slowly but surely, we are reviewing every claim, helping people recover accounts and doing our best to recover what was taken and sort things out. This process is very time-consuming and demands a lot of investigation.
The problem is that as soon as news breaks out that “people were hacked and we are refunding Stardollars” our makeshift claims department receives ten times as many complaints. For every 10 messages saying “I got hacked and lost zillions of Stardollars, pls refund”, 9 turn out to be fake. But we still have to check each and every one, and this gets in the way of helping the actual victims. It really is unfortunate, but a lot of people try to use situations like these for their own benefit. And our number of active members runs in the millions.
Our staff gets contacted by scammers way more often than you do on Stardoll. We know you guys at Underneath get things, and know that we can check for that sort of stuff, but many of our members think this kind of scam could work.
We know you think we’re all a bunch of bots and we never read or reply to your messages properly, but we read everything and we check everything and it takes a lot of time. I know because I used to work with Customer Service.
I have to tell you, writing “Do not send an auto response” will not make a difference. Flooding our email with messages will not help get things solved faster either. It actually just makes things worse since we already receive thousands of messages on a “regular” week.
Now, we know that you are very sensitive with all that has happened and we really, really wish we could send you all beautiful, personalized, hand-written messages you deserve, but we are trying to solve this as fast as we can and this means you are prone to receive a copy&paste message once we recognize your issue and deal with it. Sorry about that. We’re just trying to help as many people as quickly as we can.
TL;DR?
We’re sorry. We really are doing our best in a tough situation. Of course we realize you are impatient, and you have every right to be so, but we hope you can understand that your patience and cooperation is key.
If your account was affected, please send us only one message. We will take care of your complaint, even if it may take us a while to get there. We promise. (Also, please don’t waste your time trying to swindle us. We always check our facts.)
All I want you to know is that we care and we have your best interest at heart.
So there we have it, Stardoll has finally given us a proper response to what happened with their side of the story. I've already said everything that I had to say in the open letter & while I think it was great that they sent out a doll mail regarding the DDoS attacks, I think users care more about the safety of their accounts than Stardoll going down for a few minutes (Camila stated the two were unrelated).
As long as they mentioned the situation was under control, it probably would have been good for them to send out an announcement to users regarding the security seeing as plenty of dolls outside of Underneath Stardoll also had their accounts hacked (no one said that they should have made an announcement about the pornography that was posted so I'm not sure where they got that idea from).
What do you think of Stardoll's response?
A ♡