by arnaudlaudwein
3577 days ago
This is the case when attackers don't get access to the database itself - imagine they were able to listen to connections between users and front-end servers, and extracted authentication information. This would only concern users connecting during a specific timeframe. In this post for instance, they indicate that attackers got 'sync users’ passwords' while storing only 'encrypted/hashed data'. Other possibilities: they accessed a partial backup (or prod data used in dev), a caching system, a message broker (Kafka)...