Would you relax? If what Twitter says is true (and there's no reason to think it's not), these were passwords which were logged to plaintext logs, which only people internal to the company can read.
We're not talking about a massive password breach, a bunch of script kiddies who found a database of plaintext credit cards by going to /admin.php and logging in with "admin / admin", or anything like that. We're talking about a mistake GitHub themselves made (and if you think GitHub doesn't know what they're doing in terms of security, I question your judgement).
Furthermore, when was the last time there was a major security breach at Twitter? You're claiming they're "keeping" bad developers and not learning from their mistakes as if this was a regular occurrence for them.
And coming from me, I don't usually defend security breaches and malpractice. This doesn't really qualify. They made an official announcement, notified all users, even unaffected ones, both by email and on first login; that's more than you can ask them to do.
What bothers me about reactionary posts like yours is they give negative feedback to companies who actually do right by their breaches, which as is well known in the security field, is a matter of when, not if.