Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
kurtr126507y@simpleJack Fortunatley that one had zero affect on us but even if it did this ones worse (technically speaking atleast). Hetzners management panel was hacked and their entire db was exposed. They stored all ftp passwords in plain text along with db passwords and a bunch of other things (like the remote access to my self managed servers). Along with that the staff at our office did dumb shit like store customer email passwords in comment fields etc resulting in us having to change 3000+ email passwords on top of everything else. The shit needed to be addressed anyway, I just hoped that when that time came I would have a few weeks notice.
-
@kurtr
Man reading that was actually infuriating, worst part is under south african law there are almost 0 reprucussions for these breaches...the masterdeeds people wont face any charges
Storing customer passwords in plaintext to "better serve our customers" i mean seriously they are a hosting company -
kurtr126507y@simpleJack I know exactly what you mean! Sadly our staff made the same fucking mistake (although it started when it was telephonically recommended by one of hetzners support staff 7 years ago).
This stuff is actually covered by the POPI (protection of privacy and information) act which came into effect a couple of years back and was supposed to be coupled with crippling fines & penalties for non-compliance but to date hasn't been enforced.
I am very familiar with the story of a guy (totally not me) who (accidentally) stumbled across a 30gb unsecured mongo instance 2 years back belonging to a SA cell company (unamed for legal reasons). It was far worse than the masterdeeds leak and aside from id no's contained public links to id copies, proof of residence and bank statements!
Fortunately he used a throw away email address to report it since they replied with 30+ threats to sue the crap out of him which he generously responded to by giving them 24 hours to secure it before wiping it himself.
Related Rants
-
cdrice105"You gave us bad code! We ran it and now production is DOWN! Join this bridgeline now and help us fix this!" ...
-
MoboTheHobo36My Friend: Dude our Linux Server is not working anymore! Me: What? What did you do? My friend: Nothing I swe...
-
tommy15Right now someone at Google is coding something useless for us to laugh at on April Fools.
Just came home to cook supper at 11am again before I go back to the office to pull an all nighter to implement last minute changes thanks to a hosting provider in south africa getting hacked last Friday.
I love being a dev but this is one of those moments I really think to myself "your the moron that chose to do this for your career you twit" 😑
rant
thanks hetzner
all night
fml