http://www.computerworld.com/article/2981553/security/credentials-stored-in-ashley-madisons-source-code-might-have-helped-attackers.html
By Lucian Constantin
IDG News Service
Sept 8, 2015

If you're a company that makes its own websites and applications, make
sure your developers don't do what the Ashley Madison coders did: store
sensitive credentials like database passwords, API secrets, authentication
tokens or SSL private keys in source code repositories.

Judging by the massive amount of data leaked last month by Impact Team
from AshleyMadison.com's owner Avid Life Media (ALM), the hackers gained
extensive access to the Canadian company's IT infrastructure.

The ALM data dumps contained customer records and transaction details from
the Ashley Madison infidelity website, but also the email database of the
company's now-former CEO and the source code for the company's other
online dating websites including CougarLife.com and EstablishedMen.com.

A London-based security consultant named Gabor Szathmari has found
evidence that ALM's developers were careless with sensitive credentials,
which might have helped attackers once they gained a foothold on the
company's network.
[...]