Does T-Mobile Austria in fact store customers’ passwords in clear text @tmobileat? @PWTooStrong @Telekom_hilfthttps://twitter.com/SeloX_AUT/status/981406875811008513 …
Hello Claudia! The customer service agents see the first four characters of your password. We store the whole password, because you need it for the login for http://mein.t-mobile.at ^andrea
-
-
Thanks for your reply Andrea! Storing cleartext passwords in a database is a naughty thing to do. http://plaintextoffenders.com/faq/devs What can we do to get your devs to fix that?
-
Hi
@c_pellegrino, I really do not get why this is a problem. You have so many passwords for evey app, for every mail-account and so on. We secure all data very carefully, so there is not a thing to fear. ^Käthe -
Well, what if your infrastructure gets breached and everyone’s password is published in plaintext to the whole wide world?
-
@Korni22 What if this doesn't happen because our security is amazingly good? ^Käthe -
Bad news for you Käthe, nobody’s security is that good. No, not even yours. It’s not that I say you are 100% getting hacked - what if an employee accesses the database directly?
-
@Korni22 Excuse me? Do you have any idea how telecommunication companies work? Do you know anything about our systems? But I'm glad you have the time to share your view with us. ^Käthe -
Well, I do since I worked for
@deutschetelekom, but thanks for asking. 3 years of something that’s called „Ausbildung“ a bit more as contractor. -
@Korni22 So, you never worked for us in Austria though. But thank you very much for sharing your opinion. ^Käthe - 8 more replies
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
you will like EU General Data Protection Regulation ...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
.
@TMobile get your pr department on call, you're about to have a shit storm on your hands. PLAIN TEXT PASSWORDS?? Not even a little ok, please tell me there's a communication breakdown going on hereThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Whooaaaa....
@troyhunt come take a look at this thread....Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
may I use the
@tmobileat responses here as part of my undergraduate exam in the security module of the basic operating systems course? e.g., 1 point for each failure identied - 1 more reply
New conversation -
-
-
Oh no.
@troyhunt plaintext password storage and partial plaintext view for a company in Austria. 99% sure that wouldn't even comply with GDPR.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Clear text??? Really? And After the Talk Talk's breach? You're SURE you can't be penetrated? Because that tweet might just have painted a target on your systems from people either just looking to prove you wrong, or knowing there is easy password pickings. Encrypt now please!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Is Tmo storing passwords in the US this way too? Other than being an awful practice, this is probably a violation some of your auditors may want to know about.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I think the CM who maintains this account is fired. So much misunderstanding and nonsense unified at the same time. Thanks for this funny and sad moment
-
Probably fired, but not for being ignorant but for revealing the low standards and privacy invading policies
End of conversation
New conversation -
-
-
I'm going to assume you're not one of the IT department and therefore don't understand what a serious and elementary mistake this is. Needs to be fixed ASAP, especially now you've disclosed a vulnerability in public.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.