In September, a security researcher discovered that their power company’s website was offering to email passwords to users who had lost or forgotten them. As in, emailing the actual password, in plain text: no salting, nary a dab of hashing, just the password itself, sent out to anyone who cared to type a given user’s email address into the form, instead of offering the far more secure “password reset” option. A site can only do that if it keeps passwords in a form it can read back, which is exactly what salting and hashing exist to prevent. The independent security researcher, who chose to remain anonymous, told the story to Ars Technica contributor Jim Salter, who referred to the researcher as “X” in his writeup of what ensued.
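The contrast drawn above, as an added example that is not code from Naked Security, Ars Technica, or the utility in question: a hypothetical account store that keeps passwords as-is (and so can email them back, the pattern the article describes) beside a hardened store that keeps only a per-user salt and a PBKDF2 hash, so a “send me my password” feature cannot exist, and replaces it with a hashed, expiring, single-use reset token. The class and function names, the `example.invalid` addresses, the outbox list standing in for a mail client and the iteration count are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

# Constants assumed for this example (not from the page).
PBKDF2_ITERATIONS = 600_000        # OWASP's 2023 figure for PBKDF2-HMAC-SHA256
TOKEN_TTL_SECONDS = 15 * 60        # reset links should die quickly
RESET_RESPONSE = "If an account exists for that address, a reset link has been sent."


def derive_hash(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way function: the stored value cannot be turned back into the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PlaintextStore:
    """The pattern the article describes: the password is kept as-is, so it *can* be emailed back."""

    def __init__(self):
        self.users = {}          # email -> password (!)
        self.outbox = []         # constructed stand-in for an SMTP client: (to, body)

    def register(self, email, password):
        self.users[email] = password

    def recover_password(self, email):
        # Anyone who types an address triggers this; the password leaves the server in the clear.
        if email in self.users:
            self.outbox.append((email, "Your password is: " + self.users[email]))


class HashedStore:
    """Hardened counterpart: only (salt, hash) is kept, and recovery is replaced by a reset flow."""

    def __init__(self):
        self.users = {}          # email -> {"salt": bytes, "hash": bytes}
        self.reset_tokens = {}   # sha256(token) -> (email, expiry); the raw token is never stored
        self.outbox = []         # constructed stand-in for an SMTP client: (to, body)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)   # fresh per user, so equal passwords hash differently
        self.users[email] = {"salt": salt, "hash": derive_hash(password, salt)}

    def register(self, email, password):
        self.set_password(email, password)

    def verify(self, email, password):
        rec = self.users.get(email)
        if rec is None:
            derive_hash(password, b"\x00" * 16)   # burn the same time for unknown accounts
            return False
        return hmac.compare_digest(rec["hash"], derive_hash(password, rec["salt"]))

    def recover_password(self, email):
        # There is nothing to send: the record holds a hash, not the password.
        raise NotImplementedError("no recoverable password is stored")

    def request_reset(self, email, now=None):
        now = time.time() if now is None else now
        if email in self.users:
            token = secrets.token_urlsafe(32)
            key = hashlib.sha256(token.encode("ascii")).hexdigest()
            self.reset_tokens[key] = (email, now + TOKEN_TTL_SECONDS)
            self.outbox.append((email, "https://example.invalid/reset?token=" + token))
        return RESET_RESPONSE    # identical either way, so the endpoint cannot enumerate accounts

    def redeem_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode("ascii")).hexdigest()
        entry = self.reset_tokens.pop(key, None)   # pop: a token works at most once
        if entry is None:
            return False
        email, expires_at = entry
        if now > expires_at:
            return False
        self.set_password(email, new_password)     # new salt and hash; the old hash is discarded
        return True


def token_from_mail(message: str) -> str:
    """Pull the token out of a constructed reset mail (helper for exercising the flow)."""
    return message.split("token=", 1)[1]
```

The two stores expose the same `register` and `recover_password` names on purpose: with hashed storage the second one has no honest implementation, which is the whole point. A real deployment would add rate limiting on `request_reset` and send the link over TLS-protected mail, but the storage decision is what makes or breaks the feature the article is about.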
Read full news article on Naked Security