Account Takeover And CredentialsIncident

Password storage confusion, uppercasing before hashing not plaintext passwords

April 4, 2026Robert Graham

Robert Graham argues a reported password issue was not plaintext storage, but a case conversion step before hashing, and notes the message implies the opposite because they cannot recover users plaintext passwords.

Open in PulseSee the full expert discussion →

QUOTES

Um, no, they are still stored as hashes.

They were just converting text to upper-case before hashing.

There's no reason to believe they stored plain-text passwords.

VOICES

Robert Graham

RELATED TERMS

passwordsstored hashesstored hashesplaintext passwords

OTHER FINDINGS IN ACCOUNT TAKEOVER AND CREDENTIALS

LinkedIn hidden code collecting installed software and transmitting it to LinkedIn and third parties Email address unmasking despite Apple Hide My Email OpenAI Codex branch-name command injection stealing GitHub tokens

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security