this post was submitted on 30 Mar 2025
227 points (97.5% liked)

Technology

68245 readers
5154 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
227
Privacy disaster as LGBTQ+ and BDSM dating apps leak private photos. (cybernews.com)
submitted 4 days ago by [email protected] to c/[email protected]
36 comments fedilink hide all child comments
 

BDSM, LGBTQ+, and sugar dating apps have been found exposing users' private images, with some of them even leaking photos shared in private messages.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 4 days ago (2 children)

How is he not fired? Incompetence and ignorance is one thing, but when you combine it with effectively insubordination... well, you better be right. And he is not.

[–] [email protected] 6 points 4 days ago* (last edited 4 days ago) (1 children)

Firmly agree, I don't believe he should have had access to change these password in the first place unless I'm misunderstanding their definition of test engineer, but if OP had the authority and permission to change the password in the first place, and that person deliberately changed it back to the insecure route again, management would be involved and there would some sort of reprimandment because that's past ignorance, that's negligence

[–] [email protected] 2 points 4 days ago (1 children)

It was an admin account to do regression testing for the admin interface and functions before prod releases.

I had my guys enable/disable the account during the testing pipeline so people can't login anymore.

[–] [email protected] 1 points 4 days ago

Why would you have regression on prod? Or why would you care what the password is on staging environments?

We have our lower environments (where all testing happens) on a VPN completely separated from prod, and testing engineers only ever touch those lower environments. Our Ops team manages all admin prod accounts, and those are completely separate from lower environment accounts.

So I guess I'm struggling to understand the issue here. Surely you could keep a crappy password for pre-prod testing? We even create a copy of prod as needed and change the admin accounts if there's something prod-specific.

[–] [email protected] 2 points 4 days ago

He was a subcontractor, so technically, he's not our employee.

I bubbled it up the chain on our side, and it hasn't happened since.