Pastebin a security nightmare

Ok, if this doesn't belong in tech news, feel free to move it. I saw someone saying you could see current things pasted to pastebin, so I went digging; turns out you can see a lot of stuff. In fact, they have a section on their website labeled archives, and on that page you can see live pastebins and the information. For example, in less than 10 min I found a hack to get people's Discord information in Roblox, over 2k emails and passwords, an internal link to a big data website owned by Uber (I don't know where the link went, I didn't go to it) and login info to lots of NordVPN customers. This is a major security concern that needs to be brought up.

https://pastebin.com/archive


So... You found stuff that Pastebin is typically used for.... Congrats?

5 minutes ago, flibberdipper said:

So... You found stuff that Pastebin is typically used for.... Congrats?

This shouldn't be typical. All they need to do to fix this is get rid of the ability to see people's pastebins without at least a link (really it should be a link and a pin). The fact that you think this is ok and normal shows how lax we have allowed companies to be with our data.

Just now, Shorty88jr said:

This shouldn't be typical. All they need to do to fix this is get rid of the ability to see people's pastebins without at least a link (really it should be a link and a pin). The fact that you think this is ok and normal shows how lax we have allowed companies to be with our data.

F**K that. This is freedom of speech 101.

U don't like it, just don't look at it.

I just think it's too bad this "archive" page doesn't show entire pastes up front. No, you have to open the link to see the text. Don't think I'm lazy, I click links here all the time to see what they are, but hardly find anything worth looking at. Other stuff I simply don't understand, like code pastes (I'm sooo not a programmer at all).

Uh... these are pastes that users kept as public. It's not "a security nightmare" if your user chooses to make their paste a public one.

6 hours ago, Shorty88jr said:

Ok, if this doesn't belong in tech news, feel free to move it. I saw someone saying you could see current things pasted to pastebin, so I went digging; turns out you can see a lot of stuff. In fact, they have a section on their website labeled archives, and on that page you can see live pastebins and the information. For example, in less than 10 min I found a hack to get people's Discord information in Roblox, over 2k emails and passwords, an internal link to a big data website owned by Uber (I don't know where the link went, I didn't go to it) and login info to lots of NordVPN customers. This is a major security concern that needs to be brought up.

https://pastebin.com/archive

No, it's not a security concern. If that stuff is out there it's not pastebin's fault - if someone pasted it there it was already public information or at least would have been through another platform.

6 hours ago, Shorty88jr said:

This shouldn't be typical. All they need to do to fix this is get rid of the ability to see people's pastebins without at least a link (really it should be a link and a pin).

No, that's not what pastebin is for. It's clearly stated that your paste will be public. If you've pasted private information into pastebin that's your fault.

6 hours ago, Shorty88jr said:

The fact that you think this is ok and normal shows how lax we have allowed companies to be with our data. 

No, the fact that you think this is a problem shows you have no idea what you're talking about. If you pasted private information on this forum or any other public platform would you expect the forum to only show your thread to those who have a direct link?
