No, that doesn't make sense at all.
https://twitter.com/ppentestlabs/status/1202906268991664128 …
Maybe, but it's seems pretty contrived situation that an attacker would be able to access password hashes and not any other data already, no?
-
-
Social engineering their support team would be easy. That is a big deal - hashing protects against more than SQL injections..
-
Hmm, an attacker has dumped their entire user database, so now they call support and say "I'm user xyz and my password is abc, can you do...?", I'm not sure what there's left to gain?
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.