You know how sometimes a story seems so completely crazy, that you wonder what detail has been left out? Like… the payment provider just randomly wanted a list of all passwords? What?
Over the past few months, our former payment provider Nexi S.p.A. (“Nexi”) requested access to private data, which we understood to be specifically the usernames and passwords of our supporters. We have refused this request. All our attempts to clarify Nexi’s request, or to understand how their need for such information was necessary and legal, were met with what we consider to be vague and unsatisfactory explanations relating to a general need for risk analysis.
I think that was an exaggeration. They likely “just” wanted their account names and PII. It was simply not clear, and they never clarified it, which is absurd. Probably because it is illegal to ask, but if they get data willingly, they are out of trouble?
You know how sometimes a story seems so completely crazy, that you wonder what detail has been left out? Like… the payment provider just randomly wanted a list of all passwords? What?
Holy shit you weren’t kidding
I think that was an exaggeration. They likely “just” wanted their account names and PII. It was simply not clear, and they never clarified it, which is absurd. Probably because it is illegal to ask, but if they get data willingly, they are out of trouble?