Panic’s Steven Frank shares some arresting news:
Last week, for about three days, the macOS video transcoding app HandBrake was compromised. One of the two download servers for HandBrake was serving up a special malware-infested version of the app, that, when launched, would essentially give hackers remote control of your computer.
In a case of extraordinarily bad luck, even for a guy that has a lot of bad computer luck, I happened to download HandBrake in that three-day window, and my work Mac got pwned.
Long story short, somebody, somewhere, now has quite a bit of source code to several of our apps.
That’s the bad news; the good news is that Panic have taken extraordinary steps — steps that even they admit are probably overkill — to help ensure that no harm will befall their customers.
Beyond the situation at hand, this announcement’s honesty and transparency are admirable. They’ve created some truly innovative stuff that would likely be considered proprietary knowledge, like a wicked fast FTP engine and a ridiculous toolbar. But the Panic people are good people, and their handling of this is a model for other companies to follow should they be faced with a similar situation.
Update: I’ve been thinking about this story all day. I wanted to underscore that Panic was able to receive such an understanding and sympathetic reception to this news because they do things right pretty much all the time. They’re good people making good software. I wrote above that this is a model response for other companies, but I’m not sure many others could announce similar news in this fashion: most other companies have too much baggage and aren’t as trusted as Panic. It’s not so much that this response is what other companies should copy; it’s Panic’s entire approach.