top | item 38530265

(no title)

Small world. Only yesterday I read that great comment from user adameasterling about credential stuffing in another thread [1]

> Troy Hunt is such a treasure. And for us web application developers, there is no excuse for not having protection against credential stuffing! While the best defense is likely two-factor, checking against Hunt's hashed password database is also very good and requires no extra work for users!

That user even listed 23andMe [2] as an example but it's from 60 days ago. This incident is referenced on the techcrunch article.

[1] https://news.ycombinator.com/item?id=38521106

[2] https://news.ycombinator.com/item?id=37794379

discuss

No comments yet.