Recently, one of our passwords was accidentally published on a public page for a few minutes before it was noticed and removed. Unfortunately, this password opens nearly every locked account, so it's a pretty big deal.

Management was informed of this mistake and told that we should change the passwords as well as implement a few other protocols to make sure this doesn't happen again, including things like unique passwords, more secure passwords, using a password manager, etc.

Their response? It wasn't online long, probably no one saw it. There will be no changes in how we handle ours or our clients' secure passwords.

  • 4
    @ArcaneEye Caches we can control were cleared, and it was put on our site, so we control most of them. But no, no additional checking was done to ensure it wasn't cached, and no one is changing the password to make sure it is invalidated.
  • 0
    Time to organise an intervention for the management
  • 9
    Did you also check Google's cache and the Wayback Machine?

    Plus, make sure to leave/create a paper trail. Write an email to management explaining what happened, what you propose to do and what the consequences could be (include financial and reputational damages), and include that they stated not to do anything. Something like "this is to summarize our conversation about the security breach".

    That way, no matter whether something bad happens or not, your ass is covered. Always remember HR is there to protect the company and not you.
  • 0
    This is why I use git xD; development and production sites are separate.
  • 2
    @Wack Paper trail, investigation, emails, write-up: it has all been done and ignored, as expected. I can only lead the horse to water.

    I told them today that they would solve their roof leaking on their heads by carrying an umbrella.
  • 2
    @sylar182 like that analogy