Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@ArcaneEye caches we can control were cleared and it was put on our site so we control most of them. But no, no additional checking was done to ensure it wasn't cached, and no one is changing the password to make sure it is invalidated.
-
Wack61917yDid you also check googles cache and the way back machine?
Plus make sure to leave/create a paper trail. Write an email to managment, explaining what happend, what you propose to do and what could be consequences (include financial and reputation damages) and include, that they stated not to do anything. Something like "this to summarize our conversation about the security breach".
That way, no matter if something bad happens or not your ass is covered. Always remember HR is there to protect the company and not you. -
@Wack paper trail, investigation, emails, write up, has all been done and ignored as expected. I can only lead the horse to water.
I told them today that they would solve their roof leaking on their heads by carrying an umbrella.
Related Rants
Recently, one of our passwords was accidently published on a public page for a few minutes before it was noticed and removed. Unfortunately, this password opens nearly every locked account so it's a pretty big deal.
Management was informed of this mistake and told that we should change the passwords as well as implement a few other protocols to make sure this doesn't happen again including things like unique passwords, more secure passwords, using a password manager, etc.
Their response? It wasn't online long, probably no one saw it. There will be no changes in how we handle ours or our clients' secure passwords.
rant
passwords
security 101
management