Monday 13 February 2012

Hash, dammit!

OK, first, this whole Path privacy thing that blew up in the past few days.
Now, it seems that Microsoft Store in India was hacked and passwords were exposed.

While these events seem completely unrelated (and on the surface they are completely unrelated), they have something in common. This something is a little thing called hashing.


Rule #1 for every app or website developer out there is: do not store passwords in clear text. This is evil. If your application or website or whatever other outstanding piece of software engineering you are working on breaks this rule, you do not deserve to call yourself a developer.

No excuses here. No. Excuses.

This same concept of hashing the passwords applies to many other pieces of sensitive information. This is where the Path case comes in. Instead of storing phone numbers or emails or names in clear text, you should hash them. Then compare hashes much in the same way you compare password hashes during login. It is simple.
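Here is what "hash it, then compare hashes" looks like in practice, as an added example that is not code from the original post: salted PBKDF2 for passwords and a keyed hash (HMAC with a server-side secret) for contact identifiers, since a bare hash of a phone number is reversible by enumerating the number space. The iteration count, the key and the sample contacts are assumptions constructed for the example.

```python
# Added example (not from the original post): salted password hashing plus
# keyed hashing of contact identifiers, so the database holds no plaintext.
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def hash_password(password: str) -> str:
    """Return 'salt$hash' using a random per-user salt and PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def normalize_contact(value: str) -> str:
    """Canonicalise an email or phone number so equal contacts hash equally."""
    value = value.strip().lower()
    if "@" in value:
        return value
    return "".join(ch for ch in value if ch.isdigit())


def hash_contact(value: str, server_key: bytes) -> str:
    """Keyed hash of a contact identifier.

    A plain SHA-256 of a phone number is trivially reversible by enumerating
    the number space, so use HMAC with a server-side secret (assumed to live
    in a secrets store, never in the database next to the hashes).
    """
    data = normalize_contact(value).encode("utf-8")
    return hmac.new(server_key, data, "sha256").hexdigest()


def find_matches(uploaded_contacts, known_hashes, server_key):
    """Match an uploaded address book against stored hashes, never plaintext."""
    return [c for c in uploaded_contacts
            if hash_contact(c, server_key) in known_hashes]
```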

Your database server could be behind the most restrictive firewall in the world. It could be in a bunker guarded by a thousand armed men. It doesn't really matter. It doesn't excuse you for doing crappy things as a developer.

And in many cases, it takes just a bit of thinking and a pinch of responsibility.

Thinking is easy. This is why we're developers in the first place.