Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

[p_rude]

It is neither a standard practice nor a best practice to give your devs access to your production auth databases.

[icedchai]

Perhaps not in more mature organizations, but it's standard practice at every startup I've ever worked for. One place had the dev office VPN'd into production at all times.

[glenneroo]

Did any of those startups have 200-600 million users?

[icedchai]

No, these were small organizations. I'm just saying it's not uncommon. Sadly, some places don't even have a dev environment...