
Producteev User – Notice of Data Breach - azizur
https://gist.github.com/azizur/40003633b56306f1f871602b09e51f18
======
awill
I just got the email from them admitting the data breach. "We want to inform
you of an issue involving your Producteev username (i.e. your email address)
and password. We learned on August 24 that your Producteev username and
password had been held in a file outside our normal encryption procedures, and
we believe that this file was potentially accessed by an unauthorized third
party. We cannot confirm that your username or password was compromised, but
we are notifying you so that you may take protective action."

So, they were holding usernames and passwords in plain text somewhere! What a
terrible, clueless company. How on earth are passwords stored "outside our
normal encryption procedures" It sounds like they didn't get hacked. They just
published all the passwords in a public place and aren't sure if anyone
visited the URL.....

------
azizur
Hello HN,

I could someone help me verify if this Data Breach is actually true?

When I visit the login page it says:

"Please Note

For your security, on Friday, 23 September 2016, all passwords were cleared.
You must set a new password before you can log in (if you have not done so
already). To do so, click the Forgot Password link below and follow the
prompts."

Thanks

------
rexbee
Companies typically wait until Friday afternoon to release news like this with
the hopes it will flush out of the news cycle by Monday

