Browserstack hack https://twitter.com/browserstack Dear BrowserStack User, We are unfortunately displeased to announce that BrowserStack will be shutting down. After much consideration on our part, we have realized we were negligent in the services we claimed to offer. In our terms of service, we state the following:
Unfortunately, we have blatantly lied. Not only do all of our administrators have access, but so does the general public. We have no firewalls in place, and our password policies are atrocious. All virtual machines launched are open to the public, accessible to anyone with the alpha password "nakula" on port 5901, a password which is stored in plaintext on every VM. As well, our infrastructure uses the same root passwords on all machines, which is also stored in plaintext on every VM launched ("c0stac0ff33").Given the propensity for cyber criminals to target infrastructure services such as ours, it is almost certain all of your data has been compromised. These passwords take no less than 15 minutes to find for anyone who is looking. We hope we have not caused you too much trouble, and to our enterprise customers who signed deals contracts based on a fabrication, we are equally sorry. Sincerely, The BrowserStack Team |