And the winner is...

That's exactly the same github had, what's actually going on?

Here's what I mean: https://bleepingcomputer.com/news/... literally a 1:1 phrasing

Please tell me this is fake 😆😆

To clarify: it was exposed in plaintext in their logs, not completely publicly. and twitter says nobody accessed or abused the data but the password change is precautionary

@DeveloperACE exactly same what github said, there's something that both are trying to hide, maybe somebody found a more global issue and reported it to them (and others to follow), but there's a cooldown until it will be actually publicly disclosed

@JoshBent I wonder if google is clearing their caches like they did for heartbleed and the other Cloudflare thing (unless they are the same I don’t remember)

Wtf... Just read both articles

Look at this shit!

Tis not a joke. This is from my email lol.

The thing that bothers me is how many users were affected by GitHub and how many on Twitter.

That sunova....

In their defence, this is more of a bug than a data breach. I consider the disclosure more of a proactive preventative measure.

I wonder how many other organisations have discovered a similar issue and just deleted the logs.

@CodeCrack Rarely a bad idea. That and 2FA.

WTF?! Beyond logging at the infrastructure level, surely this would require passing the password to the logger somewhere?!

That’s just pure insanity.

@Condor I've been pwned on 9 sites . Is that normal?

why the fuck do people store passwords in plain text?? personally in every single project I worked on, I would use sha to hash the password and only deal with the hashed one, I never need to know the original password

@bigworld12 I think in GitHubs case the passwords were being stored securely. A bug meant that passwords were being recorded in a log file.

@mrgadget so before they were stored, they were printed plainly in log files?

@bigworld12 not through a conscious design I bet.