1. 8
  1.  

  2. 4

    This Polish article has the exact email sent to users in English.

    I had an account with scrum.org but I did not receive a warning email. Why? My previous employer paid for the training and one of the requirements was creating an account on scrum.org with the company email. I no longer have access to that email so scrum is not able to inform me that my data was leaked. I blogged about shadow leaks recently. That’s literally what I meant - my data being leaked and not getting informed about it.

    1. 4

      What do they mean by password decryption key ? Why would they store user passwords in a symmetrically encrypted way ?

      1. 1

        This summer, we are also moving to a new software vendor that provides greater password security.

        Haha! Anyway, if they can recover the plain text passwords using their “password decryption key” at least they can then salt and hash them properly :P

        1. 1

          They have a “vendor” for password security??? This sounds like seven levels of outsourced consultant hell.

      2. -2

        Is this surprising, given that “Scrum” is a time-honored managerial excuse to force engineers to do shoddy piece work?

        1. 9

          You know, that isn’t a very constructive comment. I have no great love for Scrum, but your anti-Scrum faeces-flinging noise is getting really quite boring now, and drowning out your more constructive contributions.

          1. 1

            It’s relevant here. Scrum is all about shoddy, business-driven engineering… so Scrum.org getting hacked is completely relevant.

            1. 14

              It is entirely possible that you are correct but people are unwilling to hear what you have to say, because of the frequency with which you say it.

              You are shoe-horning this in. You really are. When I read this story, and come to the comments, I am not interested in how scrum is bad (it is) or how it is detrimental to our workforce (also, you know, it is). I’m interested in IT horror stories, which orthogonal to scrum. Maybe scrum is related, maybe it isn’t, but a site got hacked, and scrum isn’t to blame any more that scrum was to blame for Adobe getting hacked from the exact same vulnerability.

              You need to listen to stig’s original reply, I do really think you’re not hearing him. This is said as someone who likes your blog and your writing style in general – I’m not looking to put you down, but to make you see what you’re missing.

              You’re right, of course, that it is relevant. It just isn’t constructive. The two aren’t the same. Nor is it thoughtful, incisive, or deeply critical, which is what I expect from someone like you, or really from any user of this site.

              C'mon, man. Don’t take cheap shots. Not here.

              1. 4

                I considered it relevant, but I see what you’re saying. I probably made a certain leap too soon.

                1. 3

                  Thank you for articulating what I meant!

                  It is entirely possible that you are correct but people are unwilling to hear what you have to say, because of the frequency with which you say it.

                  This is so eloquently put: bravo!