Can someone tell me about the DB hacking on Repl.it?
tussiez (1669)

I've been browsing the feed of Repl.it, and more and more Repls using the Repl.it DB seem to be "hacked", where account names have been exposed, and possibly passwords.

I'm a bit concerned about my account security. Are our accounts safe? Can Repl do anything about the account interface?

The Repl attached is empty, as this is more of a general question.

Answer

programmeruser: Repl.it DB does not have any connection to your repl.it account. The repls are being hacked since they are practicing poor security practices such as exposing their DB url (trusting the client to control the database) and not hashing passwords.

Answered by programmeruser (597) [earned 5 cycles]
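The two practices named in the answer above, shown as an added example that is not part of the original thread or any repl's code: the database URL stays on the server, and only salted password hashes are stored. The `store` dict, the function names and the scrypt cost values are assumptions made for illustration; `REPLIT_DB_URL` is the environment variable Repl.it DB provides to a repl.

```python
import hashlib
import hmac
import os

# Server-side only: the database URL is read from the environment and is never
# embedded in pages or scripts sent to the browser. Real DB calls would be
# made from this process, on the client's behalf, after validation.
DB_URL = os.environ.get("REPLIT_DB_URL", "")

# Constructed stand-in for the key-value database so the example runs offline.
store = {}

# scrypt cost parameters (assumed values; tune for your hardware).
N, R, P, KEY_LEN = 2**14, 8, 1, 32


def hash_password(password, salt):
    """Derive a key from the password with a memory-hard function."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=N, r=R, p=P, dklen=KEY_LEN)


def register(username, password):
    """Store a per-user random salt and the derived key, never the password."""
    if username in store:
        return False
    salt = os.urandom(16)
    store[username] = salt.hex() + ":" + hash_password(password, salt).hex()
    return True


def login(username, password):
    """Return only True/False; the stored record never leaves the server."""
    record = store.get(username)
    if record is None:
        # Hash anyway so unknown users take about as long as known ones.
        hash_password(password, b"\x00" * 16)
        return False
    salt_hex, key_hex = record.split(":")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))
```

If the stored values leak, they contain a salt and a derived key per user rather than a reusable password.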
Comments
AloegelhiPlaysR (131)

This is why something like a .env file should hold the URL. @programmeruser

tussiez (1669)

@programmeruser That's good to know!
Would this mean that if I logged into a Repl with my Repl account, can my account be found?

tussiez (1669)

@tussiez Luckily people are beginning to hash passwords, which is a good thing. Repl still needs to work on their database security.

programmeruser (597)

@tussiez it's not Repl's fault, it's the creator of the repl's fault.

tussiez (1669)

@programmeruser Ah. Thank you for the clarification!

Baconman321 (1097)

@programmeruser DB URL? What do you mean? I used golang without having the DB url?