• floofloof@lemmy.ca · 28 days ago

    According to court evidence, the incident began on Feb. 1, 2025, when Muneeb Akhter asked his brother for the plaintext password of a user who had submitted a complaint through the Equal Employment Opportunity Commission’s Public Portal. Sohaib allegedly queried the EEOC database to retrieve the credentials, which were then used to access the victim’s email account without authorization.

    That shouldn’t be possible. Why were they storing passwords in plain text?

    • alia@nord.pub · 28 days ago

      They’re likely storing hashes, which you can derive from the password.

        • alia@nord.pub · 27 days ago

          From the article: “According to court evidence, the incident began on Feb. 1, 2025, when Muneeb Akhter asked his brother for the plaintext password of a user who had submitted a complaint through the Equal Employment Opportunity Commission’s Public Portal.”

          • shiftymccool@piefed.ca · 27 days ago

            Copying and pasting doesn’t prove your point. HOW did they get the plain text password? Hashes aren’t reversible, so they must be stored in plain text or encrypted in a reversible fashion, which is an amateur move as well. Either way, they somehow had access to the user’s password, which is a huge no-no.

            • Cypher@aussie.zone · 27 days ago

              Cracking hashed passwords is possible and not particularly special. Common tools for this are Hashcat and John the Ripper.

              It is most likely these passwords were improperly stored, but there are methods available that will easily break most users’ passwords.
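The two storage schemes the thread argues about, side by side, as an added example that is not from any poster or from the EEOC case. The wordlist, user password and function names are constructed for illustration; it uses only the Python standard library.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "leaked wordlist" and one weak user password.
WORDLIST = ["password", "letmein", "qwerty", "Summer2025!", "iloveyou"]
USER_PASSWORD = "Summer2025!"
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1}  # ~16 MiB per derivation


def fast_unsalted_hash(password):
    """The improper scheme: a single fast digest, no salt, same for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def recover_from_fast_hash(stored, wordlist):
    """Shows why a fast unsalted hash of a weak password is close to plaintext:
    each guess costs one cheap digest, and the same password gives the same
    record for every user. Returns the matching word or None."""
    for word in wordlist:
        if hmac.compare_digest(fast_unsalted_hash(word), stored):
            return word
    return None


def store_password(password):
    """The sound scheme: a per-user random salt plus a deliberately slow KDF.
    Only salt and derived key are kept; nothing in the record yields the
    plaintext, so a DBA or insider cannot simply look it up."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt.hex(), "key": key.hex()}


def verify_password(record, candidate):
    """Login check: re-derive with the stored salt and compare in constant time.
    The server never needs, and never has, the user's plaintext."""
    key = hashlib.scrypt(candidate.encode(),
                         salt=bytes.fromhex(record["salt"]), **SCRYPT_PARAMS)
    return hmac.compare_digest(key, bytes.fromhex(record["key"]))


if __name__ == "__main__":
    leaked = fast_unsalted_hash(USER_PASSWORD)
    print("fast unsalted hash recovered as:", recover_from_fast_hash(leaked, WORDLIST))
    rec = store_password(USER_PASSWORD)
    print("scrypt record:", rec)
    print("correct password verifies:", verify_password(rec, USER_PASSWORD))
    print("wrong password verifies:", verify_password(rec, "letmein"))
```

Two records for the same password differ because of the salt, so a stolen table does not even reveal which users share a password, let alone the password itself.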