
>Due to a bug, passwords were written to an internal log before completing the hashing process.

Hate to speculate, but it sounds possibly like perhaps a debug statement/log level had been enabled for testing and forgotten about?



You wouldn't even need that -- just a request log that included the request body without sanitizing it first :)
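The failure mode in the comment above (a request log that records the body unsanitized), shown with a redacting logger. This is an added example, not part of the original thread and not code from any service mentioned in it; the field names in `SENSITIVE_KEYS`, the `/login` path and the sample request are assumptions constructed for illustration.

```python
import json
import logging
from urllib.parse import parse_qsl, urlencode

# Field names treated as secrets (an assumed list; extend for your API).
SENSITIVE_KEYS = {"password", "passwd", "new_password", "token", "secret"}
REDACTED = "[REDACTED]"


def _scrub(value):
    """Recursively replace values stored under sensitive keys."""
    if isinstance(value, dict):
        return {k: REDACTED if k.lower() in SENSITIVE_KEYS else _scrub(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [_scrub(v) for v in value]
    return value


def sanitize_body(body: str, content_type: str) -> str:
    """Return a loggable form of a request body with secrets removed."""
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/json":
        try:
            return json.dumps(_scrub(json.loads(body)))
        except ValueError:
            # Unparseable JSON could still contain a password: log nothing.
            return "[UNPARSEABLE BODY OMITTED]"
    if ctype == "application/x-www-form-urlencoded":
        pairs = parse_qsl(body, keep_blank_values=True)
        return urlencode([(k, REDACTED if k.lower() in SENSITIVE_KEYS else v)
                          for k, v in pairs])
    # Unknown content types are not logged at all (fail closed).
    return f"[{len(body)} bytes of {ctype or 'unknown'} omitted]"


def log_request(logger, method, path, body, content_type):
    """Log a request line with the sanitized body; returns the message."""
    msg = f"{method} {path} body={sanitize_body(body, content_type)}"
    logger.info(msg)
    return msg


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample request.
    log_request(logging.getLogger("requests"), "POST", "/login",
                '{"user": "alice", "password": "hunter2"}', "application/json")
```

The sanitizer fails closed: a body it cannot parse or does not recognize is omitted rather than logged raw, since that is exactly where an unhashed password would slip through.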


That would have never happened to me. Not ever!


Pretty much. Apparently GitHub did something similar and now people are curious about the library/framework. Why is it so obvious that they both used the same library?


My thoughts exactly, wondering what they are all using.


Many of Twitter's services use this: https://github.com/twitter/finatra



