9
wojtek322
12d

Our biggest competitor has just been hacked. All their sensitive data, including passwords and client data, has been compromised.

It is not yet in the news, but someone forwarded their internal communication to us. :D

(fixed mistranslation)

Comments
  • 2
    They have to notify all parties involved. Clock is ticking. Big hit in customer trust and possibly hefty fine coming their way
  • 1
    Public key authentication should be handled by the browser imo. Just send a token
  • 0
    @PappyHans For sure. It's an EU company and not a multinational. I hope they play by the rules.
  • 1
    @antigermanist Their product does not use HTTP or HTTPS but a whole different protocol. I'm not sure how their authentication is done for their devices. Maybe their admin platform that probably uses HTTPS has been hacked. I have no idea about how it happened (yet).
  • 3
    @wojtek322 I mean it's good for you somehow but also scary no? You better beef up your opsec just in case.
  • 1
    @antigermanist We have also detected hacking attempts earlier this week but my colleagues have determined that their attempt was not successful.

    Since we are a direct competitor of theirs, I assume they have been hacked by the same party and in a very similar way to how they attacked us.
  • 1
    Respect to your hacking skills man! ;-)
  • 1
    WHY did they have passwords stored?? With practices like that, it was only a matter of time.
  • 2
    Hope they have their user passwords hashed and not in plain text when stored. Mind boggling that in this day and age there are still companies storing passwords in plain text. How hard is it to use bcrypt?
  • 0
    @AlgoRythm Unsure, that is what the COO told us. He got that email forwarded, so I'm not sure if he was exaggerating or if it's really the case (hashed or not). Maybe the password manager was compromised or an exploit was found to bypass the authentication. IDK at this point. They have not yet made a public statement.