

Tell HN: Stitcher does not encrypt users' passwords - stitchintime

Stitcher (the podcast app) actually stores passwords *in plaintext.*

They have had millions of dollars and a number of years to fix this, but their leadership refused to prioritize the day or so of work it would take to implement the most basic protections for the users who trust them.

I just want this to be well-enough known that they get the shame they have chosen for themselves, so that future companies think twice before acting so callously.

-- anonymous
======
negrit
You would be surprised how many services/websites store passwords in plaintext.
Here is a non-exhaustive shame-list: <http://plaintextoffenders.com>

<http://www.scholarvox.com>, used by many many schools/universities in
France (Europe?), is also storing plaintext passwords, and the worst is that
they store the passwords provided by the universities, the exact same ones used
by the students to connect to their intranet/emails/...

~~~
tetha
A bunch of people on plaintextoffenders.com appear to be confused. They all
complain "Oh look they mailed me my password directly after registration, they
must store it in plain text". That's wrong.

During registration, I have your password in plain text because you just gave
it to me in plain text in order to register your account. Sure, we can discuss
sending the password via email, we can discuss hashing the password
client side or server side and so on, but a simple mail "You just registered
with this password" doesn't tell anything about password storage.

~~~
omervk
Heya, co-founder of plaintextoffenders.com here.

Just to note - we have talked about it before here:
<http://plaintextoffenders.com/post/7006690494/whats-so-wrong-about-sending-a-new-password-in>
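
Added example (not part of the thread or any poster's code): a Python sketch of the point tetha raises above, that the server holds the plaintext during registration yet can persist only a salted scrypt hash. The in-memory `USERS` table, the function names and the cost parameters are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory "user table"; a real service would use its database.
USERS = {}

# scrypt cost parameters (assumed values for this sketch; tune per hardware).
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "maxmem": 64 * 1024 * 1024, "dklen": 32}


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation; the output is what gets stored."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def register(username: str, password: str) -> None:
    """Registration: the plaintext is in scope only for this request."""
    if username in USERS:
        raise ValueError("username already registered")
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    USERS[username] = {"salt": salt, "hash": derive(password, salt)}
    # A mail sent from here could quote `password` without it ever being
    # stored. A mail that quotes it in a later request (e.g. "forgot
    # password") can only come from recoverable storage.


def login(username: str, password: str) -> bool:
    """Login: re-derive from the submitted password and compare hashes."""
    record = USERS.get(username)
    if record is None:
        derive(password, b"\x00" * 16)  # do comparable work for unknown users
        return False
    return hmac.compare_digest(record["hash"], derive(password, record["salt"]))


def plaintext_in_storage(username: str, password: str) -> bool:
    """Audit helper: does any stored field contain the plaintext bytes?"""
    needle = password.encode("utf-8")
    return any(needle in value for value in USERS[username].values())


if __name__ == "__main__":
    register("alice", "correct horse battery staple")  # constructed sample
    print(login("alice", "correct horse battery staple"))
    print(plaintext_in_storage("alice", "correct horse battery staple"))
```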

