Sure enough, my account over at Spoutible was one of the ones affected by this. I've gone ahead and changed the password over there. www.troyhunt.com/how-spoutibl... - ThreadSky

scalzi.com • 398 days ago

Sure enough, my account over at Spoutible was one of the ones affected by this. I've gone ahead and changed the password over there.

https://www.troyhunt.com/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data/

Comments

peoriabummer.bsky.social•398 days ago

This is sensible advice from someone worth listening to.

https://bsky.app/profile/anildash.com/post/3kkoe6kvmxc2p

wsquared3d.bsky.social•398 days ago

I found Bot Sentinel useful back in the day, so I signed up early. Posted a few times, but lost interest. Deleted today. I prefer this place anyway.

dkeldsen.bsky.social•398 days ago

They explicitly say that your phone number is confidential, but:
This is a HECK NO, and yes, I’m in the field.

luciecatnip.bsky.social•398 days ago

I literally did not get an email.

Saw someone else point that out over there, and the response by another person was, "Just because you didn't receive an email doesn't mean it wasn't sent to you."

Actually, it does.

I wouldn't have known about this except by reading your skeet.

david-cornelson.bsky.social•398 days ago

I ranted when Spoutable was being developed that the guy had no clue how complex software development of a social network could be. I predicted this. He knew how to make things pretty and functional, but security was lost on him and his amateur team. He’s an idiot with secret advertising investors.

librarianjenne.bsky.social•398 days ago

I don’t know if mine was affected, but I changed my password. I did not get an email about it, but apparently saying that is a personal attack on the founder.

librarianjenne.bsky.social•398 days ago

(Mine was affected. And I did not get an email.)

librarianjenne.bsky.social•398 days ago

I ended up deleting. I was just saving my username, but that’s just too much.

greenbirdo.bsky.social•398 days ago

How are Christopher Bouzy's election predictions? I always found them interesting

matthewsp.bsky.social•398 days ago

The API returns users' hashed passwords?

WHAT ON EARTH?!

jl8e.bsky.social•398 days ago

And that’s not even the worst part!

flakyfoont.bsky.social•398 days ago

Spoutible maybe not the best choice of names. Or maybe ut was perfect

techguy3.bsky.social•398 days ago

Wow I had never heard of them, but sheesh! That article made for a real wtf moment.

How do companies (and developers for that matter make these types of mistakes.

It reminds me of a local auto dealer i found that had all of their finance applications enumerable by id with no auth checks at all.

techguy3.bsky.social•398 days ago

You could just change the id param in the url and get someone else’s application. They had years worth of applications before they switched to a different platform.

gregpak.net•398 days ago

Same. May end up deleting.

librarianjenne.bsky.social•398 days ago

I deleted. I don’t trust them (him?) at all. The ego is too big to actually learn and do better.

sazeracla.bsky.social•398 days ago

I did delete mine when I saw this -- I only had an account there so that someone else wouldn't take my standard username, but I never used it. Out the airlock it went. And I never trusted that guy.

seosamh.bsky.social•398 days ago

I can't even remember if I tried Spoutable in my search for a Twitter alternative

waxmonkey.bsky.social•398 days ago

i remember taking a good look at it and following the guy who was making it at the time but after a little bit i got the impression he was angry and unstable

seosamh.bsky.social•398 days ago

Yeah, I remember now. I took a pass on this one. He was the Bot-sentinel guy? I remember some drama on Twitter, enough to make me wary.

waxmonkey.bsky.social•398 days ago

yup thats it, thats how i became aware of him too bot sentinel

and yeah it was twitter, i saw the same thing

wmy.bsky.social•398 days ago

Can't believe I've never actually heard of Spoutible

suzbrockmann.bsky.social•398 days ago

I deleted mine.

damianaswan.bsky.social•398 days ago

I had made an account to reserve my name and see what it was like, but then there was the whole thing with head dude freaking out when Courtney Milan tactfully pointed out that the TOS was really bad and offered to help, so I deleted. Once he re-enabled the delete button, that is.

rickinbaltimore.com•398 days ago

I left Spoutible a while back. One issue I had with the site was the mentality if you made a criticism of the site, it was a personal attack on the site creator.

This right here? This is really bad, and was brought up as a security concern before.

beardedpip.bsky.social•398 days ago

The grading thing was creepy and not transparent. The place was quite cultish.

darkdwarf.bsky.social•398 days ago

I found that the spoutible cultists would stalk people around other social media and be nasty to them there in order to keep their sacred place "nice".

scalzi.com•398 days ago

I'm not frequently on it, because Bluesky won the role of my social media hang-out place over it.

emmiehine.com•398 days ago

Posted literally twice, forgot about it, and now get to log back in just to change my password 🙃

librarianjenne.bsky.social•398 days ago

They’re even acting like if you say you didn’t get an email about it (I didn’t,) it’s a personal attack on the founder.

jdmills.bsky.social•398 days ago

I felt it was too freakishly polite and very boring. The cult thing works.

glendudek.bsky.social•398 days ago

Still the same, as shown in this response to their security leak through their API: "Since our inception, we have faced an unparalleled barrage of attacks aimed at undermining our community... The timing of this incident, coinciding with our anniversary, is a stark reminder of the hurdles we face."

rickinbaltimore.com•398 days ago

Holy cow. The lack of accountability and grandstanding.

chickenlady.bsky.social•398 days ago

Yeah, it was a nice idea, but the execution was hmmm...
I think they just didn't have enough manpower and funding :/

hchaos.bsky.social•398 days ago

As someone who knows a bit about Internet security, I can tell everyone who doesn't know very much but thinks it looks bad, this is actually way worse than it appears. This cannot be fixed, the incompetence is just too great. No one involved in this can ever be trusted.

lgsmith.bsky.social•398 days ago

Thanks for amplifying this. They got me too. I don't post there (BlueSky won for me as well -- all the cool kids came here), but I still had an account over there gathering dust. Updated the ol' password. Now I have to collect all that dust all over again. :(

lambdacalculus.bsky.social•398 days ago

Just went back to delete my account. I only ever made an account there just to secure a username.

suigeneris1.bsky.social•398 days ago

Yeah, I just changed my password and that was about that. Of course, I don't use these sites for networking or professional work, so none of my information in account settings of any site is "real". Burner emails/phone numbers, and my IP is always via VPN.

Here is Bouzy's response, BTW:

realdeaconblues.bsky.social•398 days ago

Wow. This is the first time in my life that I even heard about that site existing.

brucearthursaz.bsky.social•398 days ago

Had an account set up over there, but never posted or used it since, so I just went ahead and deleted my account.

riverofcrows.bsky.social•398 days ago

Samesies. Thanks for the alert!

ajaxsinger.bsky.social•398 days ago

Mine, too. I just deleted the thing bc I hadn't been on there in forever. Still, ugh.

Comments

Posting Rules

Reply