To be explicit: the attacker was given trusted access to the password database o... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		zmimon on May 6, 2009 \| parent \| context \| favorite \| on: I Just Logged In As You: How It Happened To be explicit: the attacker was given trusted access to the password database on another site and violated that trust. The fact that the site used poor security and that Jeff was stupid enough to use the same password in two places doesn't mitigate it. I was expecting the answer to be that Jeff somehow revealed his real password publicly somewhere, not that this idiot stole it from a database that he had trusted access to. This would be grounds for instant dismissal or even legal action in my book.

dinkumthinkum on May 6, 2009 [–]

But that's irrelevant once your identity is stolen.

zmimon on May 6, 2009 | [–]

It might be irrelevant to Jeff, but it wouldn't be irrelevant to me if I was the one employing this person to work on my web site.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact