@sophia I've met that guy. He's pretty rad. And smart.
And taught me a lot during his talk about image file forensics (iirc), and how much data remains. 🙃

@polychrome It was 8 years ago, so I dunno. I think maybe not because he's the kinda person that likes to stay anon? @sophia

@sophia Storing a password in clear is secure, as it's illegal to intrude in someone else's database.

To authenticate you over the phone they ask you three characters from your password, so call center employees can see the plain text passwords too.

@sophia after showing this to my wife, she shared this one from #TMobileAustria, from April 2018, with me: reddit.com/r/sysadmin/comments
and from the same thread, also: twitter.com/hanno/status/98253

(Now I wonder/hope *they* have at least cleaned up their act by now)

#SecurityFail #infosec #TMobile #Fail

@FiXato I remember this, we all gave them an absolute pasting over it

it's a shame the original reply from tmobileat is gone
If they'd posted an update with their new security precautions, it could've helped restore some trust in them; now I'm left to wonder if this ever actually got fixed, or if they still store #plainTextPasswords / two-way encrypted passwords, or if they actually switched to a hashed/salted approach.
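The contrast the thread keeps coming back to (a call-centre check on "characters 2, 5 and 7 of your password" versus a salted, hashed password store) in working code. This is an added example, not code from the original thread or from any T-Mobile system; the record format and the PBKDF2 work factor are assumptions. The point it makes concrete: a partial-character check can only be answered from the plaintext (or something reversible to it), while a salted hash can answer only "is this the whole password, yes or no".

```python
import hashlib
import hmac
import secrets
from typing import Optional, Sequence

# Assumed work factor; tune upward on real hardware (OWASP suggests ~600k for PBKDF2-SHA256).
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex.

    A fresh 16-byte random salt is drawn per password, so two users with the
    same password get different records and a stolen table cannot be attacked
    with one precomputed dictionary.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time.

    Note what this function cannot do: it has no way to tell whether
    characters 2, 5 and 7 of the candidate are right on their own. The only
    question a salted hash answers is whether the full password matches.
    """
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def partial_check_plaintext(stored_plaintext: str, positions: Sequence[int],
                            answers: Sequence[str]) -> bool:
    """The phone-authentication scheme from the thread, as it must be implemented.

    `positions` are 1-based character indexes. This works only because the
    server holds the plaintext password: every agent running this check, and
    anyone who copies the table, sees the whole secret. That is the property
    a hashed store is designed to remove.
    """
    if len(positions) != len(answers):
        return False
    return all(
        1 <= p <= len(stored_plaintext) and stored_plaintext[p - 1] == a
        for p, a in zip(positions, answers)
    )


if __name__ == "__main__":
    # Constructed sample credential, not a real one.
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("correct horse battery stapler", record))  # False
    # The plaintext scheme answers the call-centre question; the hash cannot.
    print(partial_check_plaintext("correct horse battery staple", [1, 9, 15], ["c", "h", "b"]))
```

Migrating a plaintext or reversibly-encrypted store to records like the one above is a one-way door: once the plaintext is gone, the "three characters over the phone" flow cannot be kept, which is exactly why that flow is a reliable tell that plaintext (or equivalent) is still being held somewhere.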
