
Passwords stolen in Rate My Professors data breach - yuranlu
http://www.ratemyprofessors.com/securityFAQs
======
bm79
This is completely unacceptable. 1) they were storing passwords and 2) they
were keeping an old database with sensitive information around that should
have been deleted if it were no longer being used. You haven't seen
indications that they altered professor ratings on your site? Who cares? What
about the fact that email addresses and passwords are now in the hands of
criminals? Companies really need to start being held responsible for the
results of their lacklustre security efforts.

------
seanwilson
> These hackers acquired email addresses and passwords for some registered
> users of the active RateMyProfessors.com website (“Site”). We have not seen
> indications that the compromised information has been used without
> authorization or that ratings submitted to the Site were implicated in the
> incident.

So passwords that likely match most of the email account passwords were stored
in plaintext then...?

