Ranter
Join devRant
Do all the things like
				++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
				Sign Up
			Pipeless API
 
				From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
				Learn More
			Comments
		
- 
				
				And how do you know exactly, that username was in place of password? no hashing??
- 
				
				I expect the password was fairly odd and the user accidentally entered it into the user field as well. Potentially no password confirmation or something.
- 
				
				@tatocaster Maybe he hashed the name and the result was the same string as hashed password.
- 
				
				 Shylor869y@tatocaster the customer put their password into the name field. So the newsletter said hello and then their password. Also I was the one that brought advanced password hashing into the company. Shylor869y@tatocaster the customer put their password into the name field. So the newsletter said hello and then their password. Also I was the one that brought advanced password hashing into the company.
- 
				
				 Shylor869yAlso the newsletter system only allows name and email address. The password should have never been there. Shylor869yAlso the newsletter system only allows name and email address. The password should have never been there.





Customer: I keep getting your newsletter with my password in it.
Me: What?
I look through the accounts. The customer had set their name as their password... a year ago.
undefined