119
JS96
7y

And the winner is...

Comments
  • 11
    That's exactly the same as GitHub had, what's actually going on?
  • 9
    Here's what I mean: https://bleepingcomputer.com/news/... literally a 1:1 phrasing
  • 4
    Please tell me this is fake 😆😆
  • 9
    To clarify: it was exposed in plaintext in their logs, not completely publicly. And Twitter says nobody accessed or abused the data, but the password change is precautionary.
  • 10
    @DeveloperACE exactly the same as what GitHub said, there's something that both are trying to hide, maybe somebody found a more global issue and reported it to them (and others to follow), but there's a cooldown until it will be actually publicly disclosed
  • 3
    @JoshBent I wonder if Google is clearing their caches like they did for Heartbleed and the other Cloudflare thing (unless they are the same, I don’t remember)
  • 5
    Wtf... Just read both articles
  • 8
    Look at this shit!
  • 4
    Tis not a joke. This is from my email lol.
  • 4
    The thing that bothers me is how many users were affected by GitHub and how many on Twitter.
  • 0
    That sunova....
  • 7
    In their defence, this is more of a bug than a data breach. I consider the disclosure more of a proactive preventative measure.

    I wonder how many other organisations have discovered a similar issue and just deleted the logs.
  • 0
    @CodeCrack Rarely a bad idea. That and 2FA.
  • 1
    WTF?! Beyond logging at the infrastructure level, surely this would require passing the password to the logger somewhere?!

    That’s just pure insanity.
  • 0
    @Condor I've been pwned on 9 sites. Is that normal?
  • 0
    Why the fuck do people store passwords in plain text?? Personally, in every single project I worked on, I would use SHA to hash the password and only deal with the hashed one; I never need to know the original password.
  • 0
    @bigworld12 I think in GitHub's case the passwords were being stored securely. A bug meant that passwords were being recorded in a log file.
  • 0
    @mrgadget So before they were stored, they were printed plainly in log files?
  • 0
    @bigworld12 Not through a conscious design, I bet.