1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Credentials stored in Ashley Madison's source code might have helped attackers

Discussion in 'Network World' started by RSS, Sep 8, 2015.

  1. RSS

    RSS New Member Member

    If you're a company that makes its own websites and applications, make sure your developers don't do what the Ashley Madison coders did: store sensitive credentials like database passwords, API secrets, authentication tokens or SSL private keys in source code repositories.

    Judging by the massive amount of data leaked last month by Impact Team from AshleyMadison.com's owner Avid Life Media (ALM), the hackers gained extensive access to the Canadian company's IT infrastructure.

    The ALM data dumps contained customer records and transaction details from the Ashley Madison infidelity website, but also the email database of the company's now-former CEO and the source code for the company's other online dating websites including CougarLife.com and EstablishedMen.com.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page