
We had a DoS attack and a DDoS attack. Both made the site unusable until we figured out mitigations.
deleted by author
0 sats \ 3 replies \ @k00b 6 Jan
Whenever there are problems like this we've posted about it. We haven't been robbed. We don't store email addresses in plaintext associated with accounts (we hash them). We haven't had accounts robbed to our knowledge.
The biggest problem like this that we've had is a rewards bug that overpaid people: #217122
The DoS stuff was posted about too but I don't have the time to find it.
deleted by author
21 sats \ 1 reply \ @k00b 6 Jan
In general we try to be very cautious about what we store:
  • we don't store spending credentials for attached wallets in plaintext on the server
  • we hash user email addresses
  • we allow hard/deep deletion of withdrawal invoices after 7 days
deleted by author