Webflow error kept passwords in plain text

[R0binHood]

Just got an email from Webflow, even a company with $74M in funding is able to mess up passwords.

On Monday, October 14, 2019, we learned that, due to a bug in a recent update to our signup flow, your Webflow password was recorded in plain text when you signed up.

At present, we have no reason to believe that an unauthorized party has accessed this data. We're simply informing you because we believe in honesty and transparency. But we do ask that you update your password immediately.

To address — and in the future, prevent — this issue, we immediately:

1. Deployed a fix to correct the flawed logging behavior
2. Deleted all references to passwords in our logs
3. Added safeguards to ensure that logging of passwords cannot occur in the future

Again, we have no reason to believe that anyone has accessed this data. But we do strongly encourage you to update your password now.

We're genuinely sorry for the inconvenience, and thank you for bearing with us. If you have any questions at all, feel free to email us at privacy@webflow.com.

– The Webflow Team

Seems these were caught in log files as opposed to being stored normally in plain text. That's at least 3 big cases recently where passwords have been stored in plain text by large companies, if you include the facebook/instagram issues in the last few months.

 

[MagicalAzareal]

Just got an email from Webflow, even a company with $74M in funding is able to mess up passwords.

Seems these were caught in log files as opposed to being stored normally in plain text. That's at least 3 big cases recently where passwords have been stored in plain text by large companies, if you include the facebook/instagram issues in the last few months.

It happened to Twitter too.