
DrawAFish.com Postmortem


A blameful postmortem of how my viral HackerNews project got compromised by legacy passwords, missing auth, and the perils of vibe coding.

Root Causes:
- Legacy 6-digit admin password exposed in past data breach
- Username update API lacked authentication
- JWT not tied to specific user

This allowed some of the most intelligent and brilliant minds on the internet to find my password on the Neopets data leak paste, log in as an admin, and approve and disapprove some really disgusting and horrible fish. I let Copilot do all the work, I wrote no tests, and instead of writing TODOs and documentation I simply said "I'll remember to change my password / add auth / understand this code later."
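As an added illustration, not the site's own code (the postmortem does not show its stack), here is a minimal Python sketch of the second and third root causes beside a hardened handler. One username-update handler does no authentication at all; a second checks a token signature but still takes the target user from the request body, so the token is not tied to the user being changed; the hardened version derives the user only from the verified token's sub claim. The hand-rolled HS256 helper, the secret, and the user table are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed for this example: a demo HMAC key, not anything from drawafish.com.
SECRET = b"constructed-demo-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Hand-rolled HS256 JWT so the example runs without extra packages."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def mint_for_user(user_id: int, ttl: int = 300) -> str:
    """Token bound to one user via the standard 'sub' claim."""
    return mint_jwt({"sub": user_id, "exp": int(time.time()) + ttl})


def verify_jwt(token: str, secret: bytes = SECRET) -> Optional[dict]:
    """Return the claims if signature and expiry check out, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    try:
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict):
        return None
    if "exp" in claims and claims["exp"] < time.time():
        return None
    return claims


# Root cause 2: the update endpoint has no authentication at all.
def update_username_unauth(body: dict, users: dict) -> str:
    users[body["user_id"]]["name"] = body["name"]
    return "200 ok"


# Root cause 3: a token is checked, but it is not tied to the user being
# changed; any valid token lets the caller rename whatever user_id the body names.
def update_username_unbound(token: str, body: dict, users: dict) -> str:
    if verify_jwt(token) is None:
        return "401 unauthorized"
    users[body["user_id"]]["name"] = body["name"]
    return "200 ok"


# Hardened: identity comes only from the verified token's 'sub' claim; a
# user_id in the body is ignored, so a token can only rename its own user.
def update_username_bound(token: str, body: dict, users: dict) -> str:
    claims = verify_jwt(token)
    if claims is None or "sub" not in claims:
        return "401 unauthorized"
    uid = claims["sub"]
    if uid not in users:
        return "401 unauthorized"
    users[uid]["name"] = body["name"]
    return "200 ok"


def demo_users() -> dict:
    """Constructed sample user table (fresh copy per call)."""
    return {1: {"name": "alice"}, 2: {"name": "bob"}}


if __name__ == "__main__":
    users = demo_users()
    bob = mint_for_user(2)
    # Bob's token renames Alice through the unbound handler...
    print(update_username_unbound(bob, {"user_id": 1, "name": "hijacked"}, users), users[1])
    # ...but only Bob through the bound one.
    print(update_username_bound(bob, {"user_id": 1, "name": "bobby"}, users), users)
```

The point of the hardened handler is that the token, not the request body, is the source of identity: a signature check alone proves that some user has a session, not that the caller is the user whose record is being changed.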
