17,000,000 GrubHub passwords and other data exposed, hackers claim (cybernews.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 10 Apr 11:46
https://sh.itjust.works/post/35871213

#cybersecurity

Zozano@aussie.zone on 10 Apr 12:41

My dumbass read “github” and I had a small heart attack.

TheButtonJustSpins@infosec.pub on 10 Apr 14:09

I was right there with you

starshipwinepineapple@programming.dev on 10 Apr 19:38

Even if it was GitHub, they have mandatory 2FA now, which would help. Still some risks for people who reuse passwords on other services or if their 2FA got compromised (SIM swaps), etc., but it wouldn’t be full-blown catastrophic.

ryedaft@sh.itjust.works on 11 Apr 05:43

I thought the point of salting was that the reuse doesn’t matter as much?

napkin2020@sh.itjust.works on 12 Apr 03:08

There’s always a chance you get phished and your password in plaintext gets compromised. Using the same password makes it extra damaging.

Drusas@fedia.io on 10 Apr 22:20

> The passwords are encoded using the SHA1 cryptographic hash, which is widely considered vulnerable.

Jesus, they're not even using SHA-2. It's been available for ages.

sylver_dragon@lemmy.world on 11 Apr 14:31

Move fast and break things!
“Things” in many cases includes “security”.

napkin2020@sh.itjust.works on 12 Apr 03:12

> The passwords are encoded using the SHA1 cryptographic hash,

Bro…