"Oh and PIAs support site and customer DB were compromised using a deserialization vulnerability in kayako."

Can you please detail when this was? I would assume based on your example in December 2016, however PIA Support wasn't using Kayako in December 2016. For clarity, I run PIA Support and one of the first things I did when I joined the company was replace Kayako.

That cookie isn’t from PIA. It was a random example of the really obviously vulnerable fusion cookies I pulled by googling the cookie name.

Looking at some file timestamps on my laptop, I guess this was around feb or april 2015?