In any sufficiently large corporation, there are so many different accounts/cred... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		whack on Jan 13, 2018 \| parent \| context \| favorite \| on: Uber’s Payment to a Hacker, and the Fallout In any sufficiently large corporation, there are so many different accounts/credentials floating around, that it's hard for anyone to keep track of them all. It's possible that the engineering team may have already invalidated the credentials that were published on GitHub. It's possible that those credentials were actually a bait, meant specifically to distract potential hackers. Asking for proof is a very quick and easy (and sloppy) way to get around all of the above.

daveFNbuck on Jan 13, 2018 [–]

Private user information isn't proof that valid credentials were published on GitHub. It would be faster and easier to ask for actual proof in the form of a link to a valid credential published on GitHub, and that would actually prove that they were published.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact