

Tuts+ accounts hacked - User passwords stored in CLEARTEXT - zeantsoi
http://notes.envato.com/general/tuts-premium-security

======
stephenr
They _knew_ the "plugin" stores passwords in clear text and still chose to use
it.

I don't care if they had a plan to move away from it. That's not good enough.

Seriously, how fucking hard is it to do things properly?

~~~
zeantsoi
Clearly, this was a disaster waiting to happen. Not that it would ever happen,
but if websites were required to disclose how sensitive information was
stored, I'd guess this sort of intrusion would be far less common, since no
one would use a site that left passwords unencrypted/salted/hashed. Tuts+ is a
HUGE service... 660 on Alexa today. I am beyond frustrated.

Makes a big case for OAuth in my mind.

~~~
stephenr
I wish you were right, but check out the comments on the original article.
Plenty of people whose response is "these things happen, good luck guys".

Plenty of developers have no fuckin clue about basic security, so why would
users of a tutorial site?

------
septerr
What is Tuts+ about?

~~~
zeantsoi
Subscription-based Web/Photoshop/Illustrator/AV tutorials.

------
drdoooom
the irony.

