5
kurtr
7y

Just came home to cook supper at 11am again before I go back to the office to pull an all-nighter to implement last-minute changes thanks to a hosting provider in South Africa getting hacked last Friday.

I love being a dev but this is one of those moments I really think to myself "you're the moron that chose to do this for your career, you twit" 😑

Comments
  • 1
    Yup, those moments are the worst. Good luck in pulling those changes :)
  • 1
    looool are you working on the masterdeeds.sql hack/leaks?
  • 2
    @simpleJack Fortunately that one had zero effect on us, but even if it did, this one's worse (technically speaking at least). Hetzner's management panel was hacked and their entire DB was exposed. They stored all FTP passwords in plain text along with DB passwords and a bunch of other things (like the remote access to my self-managed servers). Along with that, the staff at our office did dumb shit like store customer email passwords in comment fields etc., resulting in us having to change 3000+ email passwords on top of everything else. The shit needed to be addressed anyway, I just hoped that when that time came I would have a few weeks' notice.
  • 1
    @kurtr
    Man, reading that was actually infuriating. Worst part is, under South African law there are almost 0 repercussions for these breaches... the masterdeeds people won't face any charges.

    Storing customer passwords in plaintext to "better serve our customers"? I mean, seriously, they are a hosting company.
  • 1
    @simpleJack I know exactly what you mean! Sadly our staff made the same fucking mistake (although it started when it was telephonically recommended by one of Hetzner's support staff 7 years ago).

    This stuff is actually covered by the POPI (protection of privacy and information) act which came into effect a couple of years back and was supposed to be coupled with crippling fines & penalties for non-compliance but to date hasn't been enforced.

    I am very familiar with the story of a guy (totally not me) who (accidentally) stumbled across a 30 GB unsecured Mongo instance 2 years back belonging to a SA cell company (unnamed for legal reasons). It was far worse than the masterdeeds leak and, aside from ID no's, contained public links to ID copies, proof of residence and bank statements!

    Fortunately, he used a throwaway email address to report it, since they replied with 30+ threats to sue the crap out of him, which he generously responded to by giving them 24 hours to secure it before wiping it himself.