this post was submitted on 03 Jul 2024
118 points (100.0% liked)
Cybersecurity
5283 readers
139 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What confuses me is even a half-competent audit and pentest would absolutely have found an api endpoint that's going to absolutely leak customer data, so the assumption I have to make is that, yet again, a "security" company can't be fucked to do the bare minimum to ensure their security shit is you know, secure.
Posting this against your comment for visibility, I would recommend anyone that was using authy switch to bitwarden's dedicated 2F authentication app. The company maintains several security compliance certificates and fairly regularly gets audited which they post publicly at https://bitwarden.com/help/is-bitwarden-audited/
Oh neat. I use their password manager but totally somehow missed them releasing a separate 2fa app.