74
JS96
6y

You, stupid fucking game, have just sent me my new password in plain text via email?

"the password is encrypted and cannot be sent again"???
So… you send the password in plain text, and only then encrypt it, right?
But it's still in plain text in your email logs, fucking bastards.

Comments
  • 14
    I bet they used your new password that you typed to hash it in the db with a salt, and then simultaneously shot the new one off to your email while it was still in memory. If I'm right, "encrypted" is the wrong word to use here, as the hash is irreversible.

    Either way, very stupid and shame on them.
  • 5
    Good fucking job, idiots.
  • 1
    There is no difference then sending a one time url or a one time password over sms. A one time password should not have issues.
  • 6
    They already are on plaintextoffenders.com, I suggest you get one of the browser-addons that rely on this list.
  • 2
    Well, sending plain passwords is dumb, but I scroll through mail server logs every day and there's no such thing like logging the *content* of the mail
  • 0
    What game is it?
  • 0
    @Codex404 this isn’t a one time password. They send it to you every time you change it.
  • 1
    @ng1905 ok then, but emails aren’t a secure transmission system, they shouldn’t be use to send this kind of information
  • 1
    @Gregozor2121 Airlines Manager
  • 0
    @JS96 okay, never seen that myself.
Add Comment