Y
Hacker News
new
|
ask
|
show
|
jobs
by
tadzikpk
1023 days ago
If this credential is still valid 2 years later, what is their credential rotation policy?
3 comments
Fatnino
1023 days ago
5 years. The dump is from 2018
link
roymj88
1023 days ago
Whoah... Surely this may not be the only news waiting to come out.. They just need to find out what else they've got during this period..
link
Fatnino
1022 days ago
A little tidbit that they neglected to underline is that they hadn't rotated that key in at least 5 years.
link
roboman
1023 days ago
^ agree! What an easy mitigation this would have been.
link
lucasRW
1023 days ago
It's not a password though, but probably a private key, not that easy to rotate every now and then.
link