
DoorDash confirms data breach affected 4.9M customers, workers and merchants - bonyt
https://techcrunch.com/2019/09/26/doordash-data-breach/
======
cj
> The information accessed is not sufficient to make fraudulent charges on
> your payment card.

In other words... "We leaked a bunch of your personal information, but at
least it's not enough data to steal your money!"

All of these leaks have the cumulative effect of making ineffective very
commonly used security verification questions: "Can I verify that last 4 of
your social? And the last 4 of your credit card?"

How long will it take for us to accept that this kind of data can no longer be
assumed private? The sooner, the better, mainly so companies stop using it as
a secondary form of identity verification.

~~~
hchasestevens
Surely the actual problem here is that the responsibility for reliable
identification somehow falls on the consumer, not the bank or what have you?

I'll give an example: if I get a phishing email claiming to be from my bank,
and end up wiring them $1000, I'm out $1000 for not having done the due
diligence for verifying that it in fact was my bank; my bank doesn't suddenly
owe me $1000. Somehow, though, if some 3rd party convinces the bank they're
me, and withdraws $1000 from my account, I'm at fault as a victim of "identity
fraud" (and am again out $1000, but this time as a result of my bank's
incompetence).

If the onus for verifying your identity were on institutions (and,
consequently, the losses in cases of failure to do so) I'm confident that we
would have much more reliable means of personal identification magically pop
into existence.

~~~
cortesoft
> Somehow, though, if some 3rd party convinces the bank they're me, and
> withdraws $1000 from my account, I'm at fault as a victim of "identity
> fraud" (and am again out $1000, but this time as a result of my bank's
> incompetence).

This isn't true, though. The bank is the one on the hook.. eventually. The
problem, of course, is that you have to get the bank to agree that it wasn't
you who made the withdraw..

While it sucks, I am struggling to figure out alternative solutions.

Let's suppose we did the opposite; if you tell the bank that it wasn't you,
then they have to prove it was, and in the meantime they give you the money.
Sounds great, but this makes fraud about as easy as you can get - open an
account, deposit $50,000, then transfer it somewhere else and withdraw it to
cash. Then, tell the first bank that it wasn't you that did it. Sure, they
will be able to prove it was you eventually.... but according to our new
rules, they have to return the money while they figure it out... you withdraw
it all and flee.

There would be literally NOTHING the bank could do to prevent this sort of
fraud. They could put a million checks in place, but since they would still
need to 'prove' it was you when you claim it was fraudulent, and make you
whole in the meantime, you could still steal the money during that time. You
claim fraud, they put the money back into your account.. and then they show
someone (who? an arbiter? the gov?) that they have video evidence of you
making the withdraw. While the ruling is happening, you skip town with the
money.

It really sucks, and I really can't think of a solution.

~~~
landryraccoon
All of that argumentation is nice but it doesn’t hold any water.

Credit card companies are by law on the hook for any fraud committed with your
credit card. Everything you just wrote applies to credit cards, and yet Visa
and Mastercard are doing just fine. They aren’t going bankrupt just because
you can file a chargeback whenever you want as a consumer.

There doesn’t seem to be any doubt Banks can handle this, because they already
do.

~~~
cortesoft
Except they AREN'T on the hook for the fraud... the merchants are. They are
doing fine because they pass on the costs to the merchants.

Also, when you dispute a charge, they are able to put the money in 'escrow',
basically, while they investigate... since they control both sides of the
transaction (both merchant and customer), they 'keep' the money while they
resolve it. If they find in the card user's favor, they deduct it from the
merchant account and credit it back to the card user. Otherwise, they release
the hold and the merchant can withdraw the money.

It doesn't feel like your money is being held as a card holder, because the
'money' in this case is credit, and it doesn't effect your bank account while
it is being resolved. However, it DOES count against your credit limit while
they resolve the issue, so it shows you that the money is still 'frozen' while
they resolve it. They aren't allowed to charge interest during the dispute,
but if you lose the dispute you will have to pay the interest.

This is the same thing that happens when your bank account is defrauded.. the
money is frozen, and you can't withdraw it until the dispute is resolved.

~~~
kerkeslager
> Also, when you dispute a charge, they are able to put the money in 'escrow',
> basically, while they investigate... since they control both sides of the
> transaction (both merchant and customer), they 'keep' the money while they
> resolve it. If they find in the card user's favor, they deduct it from the
> merchant account and credit it back to the card user. Otherwise, they
> release the hold and the merchant can withdraw the money.

> It doesn't feel like your money is being held as a card holder, because the
> 'money' in this case is credit, and it doesn't effect your bank account
> while it is being resolved. However, it DOES count against your credit limit
> while they resolve the issue, so it shows you that the money is still
> 'frozen' while they resolve it. They aren't allowed to charge interest
> during the dispute, but if you lose the dispute you will have to pay the
> interest.

I knew roughly how this worked before, but it didn't occur to me until I read
your explanation that this allows the credit card company or bank to invest
the money while it's in escrow. So it actually _benefits_ them when fraud
happens on your account.

...of course that's a thing. The bankers always win.

~~~
tappio
Visa and Mastercard are card schemes. They are just moving the money between
financial institutions. The issuer (which is the financial institution from
where the credit card was applied from) is providing the credit line=they own
the money. The scheme ensures that the other parties always gets their money,
which is why their business is really dependent on good fraud detection
algorithms. The payment schema will just freeze the settlements during the
dispute, but if evidence is found that it was fraud, they will lose the money.
This of course happens all the time, but it is just a pricing issue. Visa
charges license fees from issuer and acquirer, and every transaction costs for
the merchant around 0.5-5% depending on the card.

~~~
tappio
Had to check again, visa and Mastercard actually don't carry the risk in this
scenario. It's either the acquirer or issuer. Scheme acts as a judge and
decides who's fault it is. However, now that 3d secure is in place, if both
issuer and acquirer support it, there are really few frauds. If they don't,
the risk is on the one who did not enforce 3d secure.

------
geocar
I'd like to point out, it's not "DoorDash" that has done anything wrong, it's
these _people_ :

\- Andy Fang

\- Evan Moore

\- Stanley Tang

\- Tony Xu

They decided our security and privacy wasn't worth as much as hur hur hur
growth hacking startup hur hur next uber, and couldn't be arsed to even give
us a proper apology.

Look at their blog post: not one mention of the words "we sorry, we fucked
up".

It's all about the other guys.

The _bad guys_.

The guys who stole your data _not us_ , and you should change your password
with us to protect your account _with us_.

No. That's wrong. Look at the 295 million people who weren't affected -- all
the people who don't use doordash at all!

That means the best way to protect yourself is to simply not use doordash.
Delete it. Delete the email account and the bank/credit card you used with
them (ask your bank/credit card company for a new number). Move if you've got
to (drivers license details!?!?!?) You have no other protection now- you're
fucked. They have your data, and they're only going to risk it again.

And remember how difficult it is to get in control of your data again when the
next breach happens, the next time you're thinking about signing up with
something, or you're getting ready to vote.

~~~
orblivion
Is there something about this story that makes you think it's an issue of
negligence rather than a capable intruder? We keep getting told that total
security is impossible. Isn't this inevitable? Is it just that they waited too
long to disclose it?

~~~
geocar
Security is a cost/benefit decision, not a binary one. More security costs
more. Putting the drivers licenses and bank details of employees in the same
database as the credit cards and names of customers is cheaper than putting
them on separate databases. Putting them on the Internet is cheaper than
having a separate network. Turning off your logs "when you don't need them" is
cheaper than leaving them on all the time.

If anyone says "total security is impossible" you just say: So fucking what?
That's not an excuse for spending as little on security as possible, and you
know someone isn't serious about security if they avoid admitting they are
responsible for the security in the first place.

------
standardUser
At this point HN should just have a permanent module in the top right corner
announcing the latest data breach.

~~~
dvtrn
"Days since last publicly disclosed data breach breach: 0"

~~~
Operyl
Honestly? A minutes scale might be more appropriate there. Unless we add the
"Major" but then, what is major?

~~~
LeifCarrotson
Nah, a minutes scale would require data entry frequently, and HN's volunteer
moderators probably don't want to have to click "Reset breach counter" all the
time, plus you'd need to write code for both that button and the minute
counter.

Let's keep HN Javascript-light: "Days Since" is much easier to implement. Just
one line of static HTML will do:

    
    
        <b>Days Since Last Breach: 0</b>

------
dx87
The official blog post doesn't give any information about the breach except
"We noticed a third-party had unauthorized access to DoorDash data", and the
TechCrunch article says that DoorDash responded that they couldn't explain how
the breach happened. How are they so sure that they fixed the underlying cause
if they don't even know how the third-party got access in the first place?

~~~
Deimorz
It seems like the breach was through a third party that only had old data,
since nobody that registered after April 5, 2018 is affected.

So it's probably some service that they no longer use and doesn't really need
to be fixed or investigated, since all the data they had has already been
taken and they (probably) stopped giving them more data a year and a half ago.

They should really say who the third party was though. Hopefully that
information comes out.

~~~
bowties2cool
A year ago customers were complaning that their accounts were accounted
despite using an unique password to DoorDash. DoorDash at that time denied any
hacking incidents.

A more sinister explanation is that DoorDash knew back then who is leaking
their data and removed their access. But chose to disclose only just now.

------
jacquesm
There is a silver lining in all these data breaches. At some point in time
_all_ our data will have been leaked at least once and probably more than once
and subsequent leaks will not do any more damage.

The safe assumption would then be to not trust any accounts created online
without some good old KYC processes in place requiring live verification of
identity.

~~~
basicplus2
A government created physical token for every person could be the direction we
are headed

~~~
munk-a
Alternatively, we might be headed for sane data breach and privacy laws.
Something like... if you want to store personal data then pay for an external
audit or have your domain confiscated - done.

~~~
jacquesm
Ever since the enacting of the GDPR I've seen a substantial uptick in the
number of companies that take their data liabilities serious.

~~~
hellcow
Not doordash, apparently. Their CS agents and supervisors were completely
unaware of GDPR and unable (or unwilling) to delete accounts.

~~~
jacquesm
Doordash is headquartered in San Francisco, that might have something to do
with it. Do they even operate in Europe?

------
big_chungus
Original blog post: [https://blog.doordash.com/important-security-notice-
about-yo...](https://blog.doordash.com/important-security-notice-about-your-
doordash-account-ddd90ddf5996#46h35gr24e)

From the techcrunch article: "It’s not clear why it took almost five months
for DoorDash to publicly reveal the breach. DoorDash spokesperson Mattie
Magdovitz say why [sic]."

Pretty bad. If personal identity info is exposed, it is irresponsible not to
notify users immediately so they can freeze credit and watch for suspicious
activity. The blog post did mention a third-party vendor, so it's possible
there was a delay, but it's a whole other problem if it took this long to find
a breach.

This sounds like it could be "flipboard-itis". Flipboard stored passwords
insecurely in the beginning (SHA-1), but switched to bcrypt as it scaled. The
passwords breached were before 2015, so possibly a similar thing here where
they started out with bad security and improved with scale (but left the old
stuff behind). I'm guessing Doordash did something similar and improved
security as it scaled.

~~~
tempsy
Huh? The blog post says April 5, 2018.

~~~
Deimorz
I'm not sure what you're trying to point out, but it seems like the data was
stolen from a third party DoorDash uses, and that they only had data from
users that registered on or before April 5, 2018. The breach actually happened
on May 4, 2019.

(And the 2015 reference in the comment you're replying to is about a Flipboard
breach, not DoorDash)

~~~
rickyc091
Well, back in 2018, TechCrunch reported that they were compromised. I believe
this is the same breach as then. They just reported it one year later.

[https://techcrunch.com/2018/09/25/doordash-customers-say-
the...](https://techcrunch.com/2018/09/25/doordash-customers-say-their-
accounts-have-been-hacked/)

------
rietta
The classic trite "We take the security of our community very seriously."
Nearly every corporate communication about a breach says it and often it comes
out to have been demonstrably untrue.

~~~
re
Here's a four-year-old collection:

[https://www.troyhunt.com/we-take-security-seriously-
otherwis...](https://www.troyhunt.com/we-take-security-seriously-otherwise/)

> “We take security seriously”, otherwise known as “We didn’t take it
> seriously enough”

------
throwaway867295
(Throwaway account)

I used to work for a third-party service provider that merchants send this
sort of data to for lots of users. Considering there weren't lots of customers
using this provider making similar posts, and Doordash didn't call out the
provider, it wouldn't surprise me if a Doordash employee account with that
provider got compromised. The blog post was carefully worded to not throw the
provider under the bus, but also avoid taking blame, themselves.

The telling bit is that the last four digits of credit card numbers were sent.
There are only a few types of vendors you'd send that data to.

~~~
cavisne
I cant figure out what "third party provider" you send passwords to though?

~~~
snowwolf
Yeah. My guess is 3rd Party provider is AWS S3 and a DB backup was accessed.

------
luhn
The official blog post: [https://blog.doordash.com/important-security-notice-
about-yo...](https://blog.doordash.com/important-security-notice-about-your-
doordash-account-ddd90ddf5996#46h35gr24e)

------
Nextgrid
I feel bad for the people affected but at least the scummy company got what it
deserved for stealing tips (for those unaware, they used to withhold the total
tips out of a delivery drivers base compensation so essentially taking the
tips for themselves).

Now if they could just completely die so a more ethical competitor can take
its place it would be even better.

~~~
RHSeeger
They did no such thing, and I find it frustrating that people keep repeating
this falsehood. Doordash promised to pay drives at least $X (where X was, I
believe $1 or something like that) AND that the driver will make at least $Y
from the delivery. The driver always gets the tip, plus a variable amount from
DD. This is _exactly_ how it works for wait staff in restaurants in most
states, except that is by hour instead of delivery. For example, in MA, the
restaurant pays out a minimum of $3.75 (wait staff minimum wage in MA) and
guarantees that the wait-person makes $11 (actual minimum wage). See
[https://www.dol.gov/whd/state/tipped.htm](https://www.dol.gov/whd/state/tipped.htm)

~~~
Nextgrid
Did they make that clear to the end customer that this is what's happening
with the tips? I don't care what their contract with the delivery driver
states, if they allow me to add a tip I expect that tip to go in the driver's
pocket in addition to whatever they'd get paid without the tip, just like if I
was giving them cash directly. If that's not what's happening they have
essentially defrauded me and I wouldn't be too happy about that.

~~~
zippergz
When was the last time a restaurant disclosed this arrangement to you?

~~~
jetti
Restaurants are bound by labor laws that require minimum wages to be paid to
employees. As far as I know, Doordash drivers are not employees but are
independent contractors which means they aren't required to be paid minimum
wage under the Fair Labor Standards Act. Since they aren't required to be paid
minimum wage this situation is completely different than at a restaurant

------
jenrzzz
DoorDash is the worst. They inexplicably banned me from their platform after
giving me a credit for a bad order. I filed several support tickets over
several months and kept getting canned responses about how they were "looking
into the issue." Eventually I just switched to Uber Eats.

------
greenail
I've been vending myself unique email addresses for every online account I use
for about 3 years. They are nice because I can reply to them like a regular
mail and my actual email account gets stripped out automagically.

I've been considering making it a product and I wonder in this case what
people would want to do when the account data gets leaked?

1\. blackhole all email to the address. 2\. forward all email to some email
service that is never/rarely used. 3\. flag messages that are not sent from
the matching domain (doordash.com in this case). 4\. blackhole and generate a
new address so the user can go back to door dash and provide a fresh email
address.

I also wonder if there is any use for meta data on who's trying to email a
blackholed email addrress e.g spam blacklisting.

~~~
novok
You can do something similar with fastmail. Get a domain for your email and
make an alias address of the form [anything]@[alias].domain.com . You can then
make 'sending identities' for an instance of that catchall domain for the rare
time you need to send email as mortgage_company@a.domain.com . You can also
create rules to blackhole a specific alias email or whatever you want when you
need to invalidate the email.

~~~
greenail
So how would you handle this breach with your fastmail alias?

~~~
novok
If I start noticing annoying spam being sent to doordash@a.domain.com then I
make an email rule to delete it and change my doordash account email to
doordash_again@a.domain.com along with a password change with my password
manager?

~~~
munk-a
It'd be nice if there was a way to way that pile of emails at some authority
and say "Here, this is the crap that's come of that data breach." Ditto for
any authorized (but shady) third party data sharing.

Sadly we currently lack a consumer protection bureau.

~~~
kilburn
This is the part the is really missing.

I use user.site@mydomain.com whenever I sign up at random sites. Last night I
got a bunch of spams at the just-eat [1] account (food delivery, operating in
13 countries so not a small operation).

Now I know they've been breached, but:

1\. They haven't reported it anywhere.

2\. I don't know of any meaningful action I can take.

[1]
[https://en.wikipedia.org/wiki/Just_Eat](https://en.wikipedia.org/wiki/Just_Eat)

~~~
ipsi
They're headquartered in the UK, so I'd start with making a complaint via the
Information Comissioner's Office: [https://ico.org.uk/make-a-
complaint/](https://ico.org.uk/make-a-complaint/). The best option is probably
"Your personal information concerns":

> If ... you’re concerned about how an organisation has handled your
> information – if the information is wrong, they have lost it or disclosed it
> to someone else – tell us.

------
SketchySeaBeast
I still worry about DoorDashes security - someone has signed up for services
with my email account - not an issue, I just will never verify them. But they
had signed up for DoorDash, and I didn't realize it, and then I tried to sign
up for the first time via the Android App with that same email account. I
selected the email account to my surprise it immediately let me into the other
persons account! They had ostensibly set up a password, but I didn't need it
and could see their phone number and bits of their payment information. I sent
in a support email for that one, and got the account closed, but still, not a
great sign.

~~~
xxxtentachyon
I don't understand, it just never prompted you for a password?

~~~
SketchySeaBeast
Nope. I was using the built in Android Account linking (like if you link up
your Facebook account to an application OAuth style), but the person who set
up the account couldn't have been - they would have set it up with a password
as they can't access my email account.

Of note here, I never verified the account when the user first signed up, so
DoorDash has always just been going on the first guy's word that they are who
they say they are.

~~~
gtCameron
If you control the email address on the account you could get in by resetting
the password, so I'm not sure what the difference is there

~~~
SketchySeaBeast
To me the difference is the intent - I didn't intend on entering someone
else's account. If I'd tried to log in with a password/email, it would have
told me the account already exists, or prompted me to reset the password, and
then I'd need to request that and knowingly invade the account. This way I
just walked right in without even knowing what I was doing - I didn't realize
there was even a problem until I went "hey, that's not my phone number!".

------
readhn
I propose a way to improve cybersecurity: FINE companies who loose sensitive
customer data to hackers. Fines can be calculated according to the "breach
severity grid" which is based on the type of data that is lost. For example:

1\. Personal address, DOB - $15. 2\. Each social security $20. 3\. Driver
license number $25. 4\. Bank account numbers $30. etc.

So a loss of 4.9 million social security numbers, DOB and addresses would
generate a fine of $171,500,000

Problem solved!

Now, the company will think 100x times BEFORE collecting consumer data if they
can actually PROTECT IT. Build robust security FIRST!

~~~
Sohcahtoa82
I would add passwords to the list of fines with growing penalties based on how
the passwords were stored.

Unique salt per user hash < shared salt with user hash < no salt but using
strong hash < no salt and a weak algorithm like MD5 or SHA-1 < plaintext

~~~
readhn
great suggestion! loosing data that is well protected is one things, but
loosing plain text personal info is totally different matter and should be
punished more.

------
hnruss
Wonder if I'll get another $25-50 from a class action lawsuit over this.

~~~
munk-a
Nah, you'll be offered 25-50$ but then they'll swap it out for 25-50$ in
credit monitoring and/or applebee's coupons at the last minute.

~~~
dylan604
I think I take the credit monitoring in this instance?

~~~
magashna
I'll throw it on the pile of all the other credit monitoring I've gotten from
other breaches.

~~~
munk-a
Sadly credit monitoring just increases the chance that your data will be
breached once again - what about the option where, because you guys done
goofed with my data, you're not allowed to track me anymore or store any data
on me - and you're not allowed to charge me to do this nor randomly charge me
if a bank tries to talk to you.

Credit Bureaus are just such steaming piles of crap.

------
tolstoshev
DoorDash probably forgot to tip the “third-party service provider”

~~~
dylan604
No, they kept took their tip to pay the base salary instead.

------
newherehi
Stealing tips and now a breach with a terrible response. These people should
be in jail and their company should be shut down.

------
abuehrle
I received the email. I'd asked them to delete my account 6 months ago, and
they confirmed at the time they'd "deactivated" it. I guess that wasn't enough
to protect me. As an American developer, GDPR seemed like a pain at first, but
more and more I wish we had something similar.

------
cavisne
Disclosure on this was pretty bad. I got an email saying your password has
been reset, if you didnt do this contact support.

Removed payment methods from my account and reset the password, but now I
assume this was done to all users?

------
frereubu
I don't know a great deal about DoorDash, but my understanding is that they're
only in the US. If so, they're not bound by the EU's GDPR data breach
disclosure timescales, which are "without undue delay and, where feasible, not
later than 72 hours" if they're likely to result in a high risk to the rights
and freedoms of data subjects, which this seems to fit. Compare that with the
apparent _five month_ delay here, with all its attendant risks to the
customers whose data was made available. The EU has its flaws, but when I read
stories like this I'm really happy I'm covered by GDPR.

------
innagadadavida
After using food delivery and takeout services, I felt the plastic waste it
generates is incredible. All the folks that care even a little bit about the
environment, please just get out of your homes and just dine-in. Silicon
Valley startups just don’t care about the environment, you can change that one
person at a time.

------
mattbreeden
This was great to get an email about since doordash does not let users delete
accounts. You can only 'deactivate' in a way that is easy to 'reactivate'. If
I would have actually been allowed to delete my account many months ago when I
asked maybe I wouldn't have had my information leaked.

~~~
mattacular
My doordash got hacked a year ago when they did not have a special call center
set up. I had no choice but to file a support ticket into the void (which was
even more difficult since I did not have access to my account so I had to use
a public contact form). I always suspected a breach since the account had a
unique password and was only used on my personal phone which I was still in
possession of. I wonder if they are just now getting around to disclosing that
breach?

I did not hear back from support for 3 months (no exaggeration). I asked that
they delete my account back then so you can imagine my delight to receive more
security-related correspondence from this company today.

------
louwrentius
A 490 million dollar fine sounds reasonable. To be paid by giving each
customer back $100.

------
zer0faith
When the F are we going to hold people accountable for piss poor security
posture.

------
Thriptic
Is their password change function working? I can't seem to change my pw. It
gets to SMS 2FA then appears to fail when I try to verify the token I'm sent
and boots me back to the PW change page.

------
seomint
I don't know what's more frustrating to read -- news of these seemingly
constant data breaches or news that the latest Windows 10 Update just broke
something else.

------
treggle
Is there a list of all disclosed security breaches somewhere?

~~~
Sneeza
The best site I've used is haveibeenpwned.com, seems to be the go-to for most
security breaches and has a tool that can notify you when some of your
information has been compromised tied to an email address.

~~~
rolltiide
I don't like that because if you put in an email address it doesn't reveal
whether you've already addressed the issue or not. It just shows if it was
included in a breach, great for newbs to go "ooOOOooooOOoo" but useless for
anything else.

I also alias email addresses for every service that allows a + sign in the
email field, so now I have no way to notice quickly if the email was included
in a leak. But I do have a way to know which service got breached or sold info
if I start getting additional emails to any particular alias.

------
basicplus2
A government created physical token for every person could be the direction we
are headed

------
noodlesUK
Once again, the US is sorely lacking regulation w.r.t data breaches. In Europe
the breach might have still happened but at least customers would have been
told months earlier and there would be some predictable penalties for the
companies. I also think that DoorDash would have been more transparent about
the steps that lead up to this.

We need a US GDPR. Even if there’s nothing like the right to be forgotten, we
need data breach regs.

------
thoughtpalette
Anyone know how this affects users that login via Facebook Auth with Doordash?

------
oldspleen
There goes my private data; thanks doordash for the leak

------
luckydata
when will it become not ok to suck at this?

------
adtac
>The breach happened on May 4

I don't believe for one second that they didn't know about it for five months!
Can someone in the EU please report this so that it's investigated for a GDPR
violation?

Edit: from the official post on blog.doordash.com:

>Earlier this month, we became aware of unusual activity involving a third-
party service provider.

Of course. This is quite a bit more than the 72 hour window GDPR allows.

~~~
dave5104
DoorDash doesn't operate in the EU, so I don't think they need to care about
GDPR.

------
rkho
I attempted to purge my data from Doordash's servers. They refused, citing
GDPR for some reason and saying the best they could do was to "deactivate" my
account (while retaining my personal information).

------
oldspleen
There goes my private data. Thank you DoorDash for the leak.

------
DConway39
Wow thats crazy

------
PeterCorless
Okay, this has been up for two whole hours, and no one has yet said "OMG, I
think I'm going to lose my lunch over this!"

Get with it people! The jokes are right there.

------
sir_sagar
This kind of bugs and problems will open the eyes of companies to get on to
blockchain. As a Blockchian enthusiast, i found it is best to store data on
it. And in market many companies doing the same too. to fire more questions
and query drop a mail on sagar@trsts.co

