

Ask HN: How are large tech sites such as LivingSocial and Evernote hacked? - Anonymous176

Hi,

How are large tech sites such as LivingSocial, Zappos, LinkedIn and Evernote hacked?

I don't understand how these database tables are accessed. Surely it is not SQL Injection, as that should be a thing of the past with prepared statements; I cannot see how changing any session state would affect the application, as Unit Tests would have already picked this up; and I cannot imagine that hackers would easily be able to gain root access to the machines, which would be locked down with an SSH key.

I ask this because I manage a large database with fields (FirstName, Surname and DOB) and am wondering how safe this data is.

Thanks
======
27182818284
In my experience it never, ever, ever, ever, ever has been that they didn't
_know better_ but rather it was a time/money issue. Someone makes a page that
needs to be used by two or three people only and doesn't bother to secure it
because it is a quick and dirty project done that afternoon. The developer
throws the project together and pushes it out.

Then 18 months later it is exploited :-/

------
t0
You'd be surprised. There are sites out there with millions of users designed
by amateur programmers. It really is as simple as SQL injection.

