Blind is a workplace social network that lets employees at various companies discuss sensitive topics anonymously. The company describes it as a safe place where workers can talk about salaries, workplace concerns and employee misconduct without being identified. But Blind recently left a database server unsecured, exposing some of its users' account information, including their corporate email addresses.
The data exposure was first reported by TechCrunch, and it was uncovered by a security researcher going by the name Mossab H. The database included user posts and private comments as well as passwords that were hashed with the outdated MD5 algorithm. TechCrunch said it was able to unscramble many of those passwords using easily accessible tools. Further, while TechCrunch didn't find any comments or messages linked to email addresses, it did find email addresses, many stored in plaintext, that were linked to members who hadn't yet posted on Blind.
The link to this article at Engadget is no longer available.