‘Twas an exciting and profitable weekend for hackers!
Three database/email server compromises were revealed over the weekend. A business partner of McDonald’s lost their promotional mailing list, Gawker’s entire user database was compromised and posted, and the DeviantArt user mailing list was also stolen, along with additional user information, again through a partner. None of these cases involved financial data; none of these would have been covered in any way by the PCI requirements.
The danger with the McDonald’s and DeviantArt compromises isn’t the account names, it’s the the potential for phishing and other scams. The phishers now have a validated list of customers they can target their spam at, quite likely starting with fake alerts about the compromise itself to get users to click on links to malicious sites.
Always be cautious about clicking links in email. If one tells you to go to a site where you have an account, use your own bookmark to get there.