The Spoutible API breach is something else. Leaking password reset tokens and 2FA setup? HOW EVEN. LIKE SERIOUSLY.
Thomas 🔭✨ (thomasfuchs@hachyderm.io)'s status on Tuesday, 06-Feb-2024 01:21:51 JST Thomas 🔭✨
Thomas 🔭✨ (thomasfuchs@hachyderm.io)'s status on Tuesday, 06-Feb-2024 01:29:17 JST Thomas 🔭✨
@FeralRobots That was a terrible response, somehow also implying that it was an attack (when it wasn't).
FeralRobots (feralrobots@mastodon.social)'s status on Tuesday, 06-Feb-2024 01:29:18 JST FeralRobots
@thomasfuchs
Worse: when they disclosed the breach to customers, they didn't disclose the exposure of anything but email addresses and "some cell phone numbers."
Bouzy has absolutely no excuse for downplaying the seriousness of that combination.
Justin 🌻 (onyxraven@hachyderm.io)'s status on Tuesday, 06-Feb-2024 02:01:04 JST Justin 🌻
@thomasfuchs sadly, I can 100% see the code. a default (old) rails or other ORM+view framework pointed at a table will happily serialize everything. and usually that'd have those things in plaintext. Rails has since improved that with some heuristics.