[gingernaut]

They don't say what the timeframe for this issue is. Have passwords been logged for the last 6 months? Last 3 years? Was this a bug found and fixed last year, and only now are they reporting it?

[softawre]

The article does say:

> that they were exposed for “several months.”

[lucb1e]

Same as Github it seems.

I wonder what library was used, and which other companies use it which hasn't told their users. That'd let us know who isn't as transparent...

[insensible]

We must assume the worst.