My dear diary,

Today, the guy that convinced the boss to completely replace our functional CMS website (marketing used to update it) with a static one he was writing from scratch in PHP + jQuery, has published our MailChimp API key on StackOverflow, because he couldn't make the API work.

Boss didn't complain, but I don't think he understood what happened. Just asked the guy not to do that again.

It was a crazy day.

  • 11




  • 6
    OH MY...............

    Probably he argued cost.

    "Why would you pay 3000$/month for HubSpot, while I can do it for you in like 20 hours. And each update will take like 2-3 hours. Hosting will be 50$/month !!!"

    edit : key was reset, right ? RIGHT ?
  • 4
    That's a one-up on a former colleague of mine :)

    He also published an API key, but only in one of our JS files so it was a lot harder to find.
  • 6
    @NoToJavaScript MailChimp disabled it immediately, lucky for us!
  • 0
    @Voxera oh, great! Very easy to find... ¬¬
  • 8
    So you bring the van I'll bring the masks and chloroform?
  • 1
    @SortOfTested hahahahahaa Deal!
  • 1
    I made that mistake of publishing an access token/key once.
    Never again, someone wreaked havoc in the system.
    God it pains me to think about it.
  • 1
    @LesMore hahahaha That's a good trick! I didn't think about that before.
  • 1
    @Ranchonyx Now I feel sorry for you. But did it cause any real problems for you?
  • 3
    @brunofontes in fact it did, quite a bit actually.
    The token was a Discord bot token for my application which was running on a public gaming Discord server for testing's sake (talked to owner, he let me test my stuff there).
    Someone used the token, completely messed up the server.
    Random people banned, kicked, roles fucked up, channel structure gone, and then the witch hunt after me.
  • 0
    If PHP is being used, then the site is not static. Or if you are not utilizing it, it still doesn't make any difference.