by Ozzie_osman 1513 days ago
So the original issue was described as a leak of GitHub OAuth tokens, and made it sound like the risk would be someone using OAuth tokens to access GitHub repos.

Resetting passwords implies something else may have been compromised (passwords, either hopefully encrypted), but is a pretty scary ask for them to make without providing more context here.

Trainwreck indeed.

2 comments

I certainly hope that passwords aren't encrypted but run through an appropriately-expensive password hash.
Yes, I should have said hashed not encrypted.
Hashing is one-way encryption tho.
That's the point; take a look into salting + hashing passwords.
Resetting the password resets your API key, which is different from the OAuth tokens.