Credentials stored in Ashley Madison’s source code might have helped attackers
The company’s developers were careless with sensitive credentials and secret keys, a security consultant found.
If you’re a company that makes its own websites and applications, make sure your developers don’t do what the Ashley Madison coders did: store sensitive credentials like database passwords, API secrets, authentication tokens or SSL private keys in source code repositories.
Judging by the massive amount of data leaked last month by Impact Team from AshleyMadison.com’s owner Avid Life Media (ALM), the hackers gained extensive access to the Canadian company’s IT infrastructure.
To read the entire article, please click here.