Y
Hacker News
new
|
ask
|
show
|
jobs
by
Vespasian
4458 days ago
The passwords did not come from the database (which should only have hashes stored) but from the http request send by the client during login (originally this was transmitted encrypted but leaked out due to the bug).