- Joined
- Nov 23, 2011
- Messages
- 1,490
Just got an email from Webflow, even a company with $74M in funding is able to mess up passwords.
Seems these were caught in log files as opposed to being stored normally in plain text. That's at least 3 big cases recently where passwords have been stored in plain text by large companies, if you include the facebook/instagram issues in the last few months.
On Monday, October 14, 2019, we learned that, due to a bug in a recent update to our signup flow, your Webflow password was recorded in plain text when you signed up.
At present, we have no reason to believe that an unauthorized party has accessed this data. We're simply informing you because we believe in honesty and transparency. But we do ask that you update your password immediately.
To address — and in the future, prevent — this issue, we immediately:
1. Deployed a fix to correct the flawed logging behavior
2. Deleted all references to passwords in our logs
3. Added safeguards to ensure that logging of passwords cannot occur in the future
Again, we have no reason to believe that anyone has accessed this data. But we do strongly encourage you to update your password now.
We're genuinely sorry for the inconvenience, and thank you for bearing with us. If you have any questions at all, feel free to email us at privacy@webflow.com.
– The Webflow Team
Seems these were caught in log files as opposed to being stored normally in plain text. That's at least 3 big cases recently where passwords have been stored in plain text by large companies, if you include the facebook/instagram issues in the last few months.