this post was submitted on 13 May 2026
407 points (98.8% liked)


A case study in why credentials are revoked before firings.

[–] Cytobit@piefed.social 143 points 19 hours ago (6 children)

Why were they storing passwords in plaintext in the databases?!

[–] LadyMeow@lemmy.blahaj.zone 140 points 19 hours ago

First time reading about government systems, eh?

[–] echodot@feddit.uk 31 points 16 hours ago (1 children)

Because like all critical infrastructure it was set up by somebody's kid on work experience

[–] IWW4@lemmy.zip 10 points 14 hours ago (1 children)

Or some poor guy who is setting it up, because it is a one off and just get it done project, that metastasizes into a fucking mess.

[–] scytale@piefed.zip 3 points 11 hours ago (1 children)
[–] IWW4@lemmy.zip 2 points 11 hours ago (2 children)

All contracts go to the lowest bidder.

[–] village604@adultswim.fan 2 points 20 minutes ago

Fun fact, if the federal government contracts your company for a service, you aren't legally allowed to sell it to others for less.

[–] Corkyskog@sh.itjust.works 1 points 3 minutes ago

That's only usually true, but heavily depends on category. If someone is offering some service like software or managing employee benefits it can often be outweighed by other factors.

[–] WereCat@lemmy.world 38 points 18 hours ago (2 children)

Why not? National Safety Department of Slovak Republic (Narodny Bezpecnostny Urad) had password NBUSK123… just government things

[–] testaccount789@sh.itjust.works 17 points 16 hours ago

No, that was a bit different.
login: nbusr
password: nbusr123

[–] msage@programming.dev 9 points 16 hours ago

The K in password doesn't match Republic in the name.

Totally secure.

[–] betterdeadthanreddit@lemmy.world 17 points 18 hours ago

It's like leaving your car door unlocked in a bad neighborhood so your window doesn't get smashed for the $.36 in the center console. Attacker might take the prize and go without showing that everything around it is just as poorly-built.

[–] JeeBaiChow@lemmy.world 5 points 17 hours ago

Well how else would they help the users if they ever forgot their passwords? Duh.

/s

[–] CosmoNova@lemmy.world 5 points 18 hours ago (1 children)

Probably for the same reasons web browsers store them in plain text: They don't care.

[–] OwOarchist@pawb.social 11 points 17 hours ago (3 children)

> the same reasons web browsers store them in plain text

Why one web browser stores them in plain text. Fucking Edge.

Who knows about the others, but I can pretty much guarantee you that Librewolf, for example, isn't doing that shit.

[–] VeganCheesecake@lemmy.blahaj.zone 9 points 17 hours ago (1 children)

If you can autofill passwords without authenticating in some way, they are probably either stored in plaintext, or encrypted with a key that is stored in plaintext. Cause, like, how is it supposed to magically encrypt it.

[–] wreckedcarzz@lemmy.world 2 points 15 hours ago

That's how computers work, dummy. Magic.

[–] CosmoNova@lemmy.world 2 points 13 hours ago

Firefox and chromium browsers also store them in plain text. I know because I literally copied them from a file when setting up my password manager.

[–] railwhale@lemmy.nz 4 points 17 hours ago

I believe Firefox (and forks) only encrypt if you have set a master password.