You must log in or register to comment.
My dumbass read “github” and I had a small heart attack.
I was right there with you
Even if it was github, they have mandatory 2fa now which would help. Still some risks for people who reuse passwords on other services or if their 2fa got compromised (sim swaps), etc but wouldn’t be full blown catastrophic
I thought the point of salting was that the reuse doesn’t matter as much?
The passwords are encoded using the SHA1 cryptographic hash, which is widely considered vulnerable.
Jesus, they’re not even using SHA-2. It’s been available for ages.