pillowfort


Baby’s First Programming Disaster.

So turns out Pillowfort is aptly named in the “exactly as robust as it sounds” sense.

More thoughts here, but tl;dr people pointed exactly these issues out over a year ago and Pillowfort told us they’d been fixed. They lied.

Serious Professional Advice: If you have a Pillowfort account… don’t. Assume all data you’ve ever posted there—from your passwords to your post content—is compromised. If you’ve used the same password at Pillowfort that you’ve used on any other service, change it on all those other services.[1]

They aren’t going to learn and they aren’t going to get better; Pillowfort is a get-rich-quick scheme for its creators who want to be fandom billionaires and don’t care what damage they do to get there. Do not let them get away with it.

  1. Also please don’t reuse passwords.
27th January, 2021

Oh Pillowfort, no.

Pillowfort… wut u doin’, man?

(With original credit here.)

Edited to add: From reports by other users, it seems Pillowfort isn’t doing any robust sanitization on usernames at all, allowing things like slashes and periods and spaces that break their own UI. This is… not good. Weren’t they supposed to’ve done a “security audit” after their hack a few weeks back?

20th December, 2018