Nothing's more horrible than real life scenarios so:
I worked on this dating site as a main and only developer, and it was my first jobs so not much experience. One day, while working on the site, I commented some parts of code that was interfering my work, like popups and "show this only for certain users"-elements. But I got things done so: git commit, git push, test that it works in demo and live. Good, log out, pack my things, say bye to the rest of the team and go home.
Next day I come back, get coffee, say hi to people, log on and check my mails.
There's a new mail in the support account's inbox from some user.
"I just logged in to my account, but I realized that I typoed my password. I checked and the password doesn't have to be even right. Is this normal?"
That's weird, but I'll check the login page's code right away.
And there I see the answer.
$password = $_POST["password"];
$checkPassword = true; // checkLoginCredentials($username, $password);
I did the fastest update I've ever done, let the user know that it was no big deal, told the manager and tried to check if other accounts were abused.
I didn't find any abuse, but to be honest:
There wasn't any monitoring for logins.
That site has been dead for years now, it only had maybe a hundred users when that happened so no big damage done.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Nothing's more horrible than real life scenarios so:
I worked on this dating site as a main and only developer, and it was my first jobs so not much experience. One day, while working on the site, I commented some parts of code that was interfering my work, like popups and "show this only for certain users"-elements. But I got things done so: git commit, git push, test that it works in demo and live. Good, log out, pack my things, say bye to the rest of the team and go home.
Next day I come back, get coffee, say hi to people, log on and check my mails.
There's a new mail in the support account's inbox from some user.
"I just logged in to my account, but I realized that I typoed my password. I checked and the password doesn't have to be even right. Is this normal?"
That's weird, but I'll check the login page's code right away.
And there I see the answer.
$password = $_POST["password"];
$checkPassword = true; // checkLoginCredentials($username, $password);
I did the fastest update I've ever done, let the user know that it was no big deal, told the manager and tried to check if other accounts were abused.
I didn't find any abuse, but to be honest:
There wasn't any monitoring for logins.
That site has been dead for years now, it only had maybe a hundred users when that happened so no big damage done.