

Wordpress.com was storing passwords in plain text - _zie

Just received this nice email:

-----

Hello,

During an internal audit we noticed that we recorded the password you chose during signup for WordPress.com in plain text. Our policy is to never store plain-text passwords, and we have taken steps to remove the passwords from our systems.

These passwords were stored in a secure location, and there is nothing that suggests they were compromised or the security of your account was decreased in any way. However, out of an abundance of caution we have reset your password.

To reset your password and get access to your account and blog, please follow these steps:

Go to WordPress.com
Click the "Log In" button on the homepage
Click on the link "Lost your password?"
Enter your WordPress.com username:
Click the "Get New Password" button

If you have any further questions or trouble resetting your password, please reply to this message to get help from our support team. We will never ask you to supply your account password or financial information via email.

The WordPress.com Team

-----

Le sigh.
======
otoburb
I thought your first sentence was sincere, but your last implies otherwise. I
don't think everybody received this email.

We should be happy that WordPress didn't hide this fact and came clean by
informing users. Of course, the email doesn't list _when_ they noticed your
password (or other passwords) recorded in plaintext, but at least it's been
identified and steps taken to address the problem.

~~~
_zie
I was admittedly a little heavy handed on the sarcasm (it's been a long day).

Absolutely appreciate that they were open and honest about this and that it
was discovered during an audit and fixed.

Sigh was more that best practices may or may not have been followed up to this
point, and there are likely many other companies with similar holes that may
not have been as proactive or transparent as WP.

------
some_furry
I really hope the WordPress.com team is using the password_* API provided in
PHP 5.5 or by ircmaxell/password_compat for their password storage. That, or
scrypt (available in PECL thanks to Dominick Black!)
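
An added example (not WordPress.com's code, and not from the password_compat project) of what the password_* API mentioned above looks like in use: the plaintext is hashed with an embedded salt and cost before it reaches storage, and `password_needs_rehash()` lets the cost be raised later without a forced reset. The cost value of 12 and the sample passwords are constructed for illustration.

```php
<?php
// Added example: storing and checking passwords with PHP's password_* API
// (native in PHP >= 5.5; the ircmaxell/password_compat polyfill provides the
// same functions on 5.3.7+). Only a one-way hash is ever written to storage.

declare(strict_types=1);

// Assumed work factor; tune so a hash takes tens of milliseconds on your hardware.
const HASH_OPTIONS = ['cost' => 12];

/**
 * Produce the record that goes into the database: a bcrypt string that
 * embeds its own algorithm, cost and random salt. The plaintext is not kept.
 */
function makePasswordRecord(string $plaintext): string
{
    $hash = password_hash($plaintext, PASSWORD_DEFAULT, HASH_OPTIONS);
    if ($hash === false) {
        throw new RuntimeException('password_hash failed');
    }
    return $hash;
}

/**
 * Verify a login attempt. On success, also report whether the stored hash
 * was made with weaker parameters than HASH_OPTIONS, and if so return a
 * fresh hash the caller should write back. Returns [bool $ok, ?string $rehash].
 */
function checkLogin(string $plaintext, string $storedHash): array
{
    if (!password_verify($plaintext, $storedHash)) {
        return [false, null];
    }
    $rehash = null;
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $rehash = password_hash($plaintext, PASSWORD_DEFAULT, HASH_OPTIONS);
    }
    return [true, $rehash];
}

// Demonstration with a constructed password (placeholder, not real data).
$record = makePasswordRecord('correct horse battery staple');
echo "stored record: {$record}\n";

[$ok, $rehash] = checkLogin('correct horse battery staple', $record);
echo 'correct password accepted: ' . ($ok ? 'yes' : 'no') . "\n";

[$ok, $rehash] = checkLogin('wrong password', $record);
echo 'wrong password accepted: ' . ($ok ? 'yes' : 'no') . "\n";

// A legacy record made with a lower cost is upgraded transparently on login.
$legacy = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);
[$ok, $rehash] = checkLogin('correct horse battery staple', $legacy);
echo 'legacy record needs rehash: ' . ($rehash !== null ? 'yes' : 'no') . "\n";
```

Two caveats worth knowing: `PASSWORD_DEFAULT` is allowed to change between PHP releases, which is exactly why the rehash-on-login step exists, and bcrypt only uses the first 72 bytes of the input, so very long passphrases beyond that point do not add strength.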

------
paulhauggis
"Le sigh."

This doesn't mean it was stored in plain text. There are plenty of 2-way
encryption schemes.

~~~
bengali3
"we noticed that we recorded the password you chose during signup for
WordPress.com in plain text"

agreed, the wording is 'recorded' not 'stored' which makes me lean (naively?)
towards something like inadvertent logging for example?

i.e. plaintext over https through a loadbalancer, with http communication
internally, and an internal app logging all its traffic for debugging
purposes?

then sometime later: oops, we found some log files with plaintext passwords on
our servers.

IDK, just one scenario that might fall under this description
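
An added example (not WordPress.com's code) of the defensive counterpart to the scenario above: a request-logging helper that strips credential fields from headers and form bodies before anything is written, so a debug log captured behind the load balancer cannot end up holding plaintext passwords. The field names, the sample signup request and the `/signup` path are all constructed for illustration.

```php
<?php
// Added example: redact credentials from a request before it is logged.
// Assumption: the app logs the raw urlencoded body and headers for debugging;
// the key list below is a constructed starting point, not an exhaustive one.

declare(strict_types=1);

const SENSITIVE_KEYS = [
    'password', 'password_confirm', 'pass', 'passwd', 'pwd',
    'token', 'secret', 'authorization', 'cookie',
];

/** Recursively replace the values of sensitive keys with a fixed marker. */
function redact(array $data): array
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $data[$key] = redact($value);
        } elseif (is_string($key) && in_array(strtolower($key), SENSITIVE_KEYS, true)) {
            $data[$key] = '[REDACTED]';
        }
    }
    return $data;
}

/** Redact a raw application/x-www-form-urlencoded body, nested fields included. */
function redactFormBody(string $body): string
{
    parse_str($body, $fields);
    return http_build_query(redact($fields));
}

/** Build the single line that is allowed to reach the debug log. */
function requestLogLine(string $method, string $path, array $headers, string $rawBody): string
{
    $safeHeaders = redact(array_change_key_case($headers, CASE_LOWER));
    $safeBody = redactFormBody($rawBody);
    return sprintf('%s %s headers=%s body=%s',
        $method, $path, json_encode($safeHeaders), $safeBody);
}

// Constructed sample: a signup POST as an internal service would see it.
$line = requestLogLine(
    'POST',
    '/signup',
    [
        'Content-Type'  => 'application/x-www-form-urlencoded',
        'Authorization' => 'Basic placeholder-credentials',
    ],
    'user_login=alice&user_email=alice%40example.com'
        . '&password=placeholder-secret&password_confirm=placeholder-secret'
        . '&profile%5Bpwd%5D=placeholder-secret'
);

// Sanity check on the constructed sample: refuse to write if the known
// placeholder secret survived redaction anywhere in the line.
if (strpos($line, 'placeholder-secret') !== false) {
    throw new RuntimeException('redaction failed, refusing to log');
}
error_log($line);
```

The redaction happens on the structured form, not with a regex over the raw string, so nested fields such as `profile[pwd]` are caught as well; the final `strpos` guard is a belt-and-braces check that turns a redaction bug into a loud failure rather than a silent leak into the log.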

