DaveApr 7, 2018
Bálint Szilakszi

Oh great, friday evening 🍿: tmobile austria is storing all user passwords as plaintext and people started to hack into their web frontend running a 2.6.x series kernel last updated in 2011.

Of course people on twitter are dogpiling on the company atm, but wow what a shitshow

Apr 6, 2018 at 9:05pmWeb
Show threadBálint SzilaksziApr 6, 2018
Tmobile getting owned friday evening by security researchers while I am a tmobile.at subscriber, shit is going down as they say
https://x0r.be/media/DcYQoA5heyh9J1QnpKA
Show threadwas B (this is my old account)Apr 6, 2018
@szbalint dang
Show threadKaren CApr 7, 2018

@szbalint @Gargron Tracfone emails the plaintext password to you when you click the "forgot my password" link. 💯

You get what you pay for, I guess.

Show threadKatherine MossApr 7, 2018
@szbalint Figures. Why does this not at all surprise me? It seems that in 2018, this is, shamefully, expected behavior.
Show threadder.hansApr 7, 2018

@szbalint sounds like the hired some LinkedIn architects.

Now they'll encrypt without salts.

Next time they get broken into they'll encrypt with salts.

Then they'll get bought by a large software company that's even worse with security