Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Here's what I mean: https://bleepingcomputer.com/news/... literally a 1:1 phrasing
-
A-C-E56527yTo clarify: it was exposed in plaintext in their logs, not completely publicly. and twitter says nobody accessed or abused the data but the password change is precautionary
-
@DeveloperACE exactly same what github said, there's something that both are trying to hide, maybe somebody found a more global issue and reported it to them (and others to follow), but there's a cooldown until it will be actually publicly disclosed
-
A-C-E56527y@JoshBent I wonder if google is clearing their caches like they did for heartbleed and the other Cloudflare thing (unless they are the same I don’t remember)
-
The thing that bothers me is how many users were affected by GitHub and how many on Twitter.
-
mrgadget4277yIn their defence, this is more of a bug than a data breach. I consider the disclosure more of a proactive preventative measure.
I wonder how many other organisations have discovered a similar issue and just deleted the logs. -
Brolls31157yWTF?! Beyond logging at the infrastructure level, surely this would require passing the password to the logger somewhere?!
That’s just pure insanity. -
why the fuck do people store passwords in plain text?? personally in every single project I worked on, I would use sha to hash the password and only deal with the hashed one, I never need to know the original password
-
mrgadget4277y@bigworld12 I think in GitHubs case the passwords were being stored securely. A bug meant that passwords were being recorded in a log file.
Related Rants
And the winner is...
random
twitter
password leak