Tuts+ accounts hacked - User passwords stored in CLEARTEXT

Y	Hacker News new \| ask \| show \| jobs

	Tuts+ accounts hacked - User passwords stored in CLEARTEXT (notes.envato.com)
	5 points by zeantsoi 5102 days ago

3 comments

stephenr 5102 days ago

They knew the "plugin" stores passwords in clear text and still chose to use it.

I don't care if they had a plan to move away from it. That's not good enough.

Seriously how fucking hard is it to do things properly?

link

zeantsoi 5102 days ago

Clearly, this was a disaster waiting to happen. Not that it would ever happen, but if websites were required to disclose how sensitive information was stored, I'd guess this sort of intrusion would be far less common, since no one would use a site that left passwords unencrypted/salted/hashed. Tuts+ is a HUGE service... 660 on Alexa today. I am beyond frustrated.

Makes a big case for OAuth in my mind.

link

stephenr 5102 days ago

I wish you were right, but check out the comments on the original article. Plenty of people whose response is "these things happen, good luck guys"

Plenty of developers have no fuckin clue about basic security, so why would users of a tutorial site?

link

septerr 5102 days ago

What is Tuts+ about?

link

zeantsoi 5102 days ago

Subscription-based Web/Photoshop/Illustrator/AV tutorials.

link

gbeeson 5101 days ago

Passwords in clear text. What was Tuts+ about.

link

drdoooom 5101 days ago

the irony.

link