
T-Mobile Austria is apparently storing customer passwords in plain text - hiergiltdiestfu
https://twitter.com/Scott_Helme/status/982325137130139648
======
hiergiltdiestfu
Customer Service representative Käthe acknowledged in a Twitter convo posted
by security researcher Scott Helme that agents regularly view the first four
characters of customer passwords for authentication purposes. When confronted
with the bad practice this represents, the rep got defensive, stating that
hacks would not happen because the telco giant would be "100% secure," and
indeed asked whether the hints dropped by the experts were to be understood as
a threat against the company.

------
overkalix
Fun fact. A few weeks ago I received a reminder email from a service I used
months ago. The transaction was done in person, but I guess I somehow agreed
to sign up for their web service.

Not only did they attach my username and password in plain text, the default
passwords are constructed using a very obvious procedure. Essentially, you can
bruteforce any account with 10k to 18M attempts.

------
NoB4Mouth
Consumers' personal information is at risk in the hands of multinational
corporates. That's why I'm working on a blockchain concierge services project
called PREEVE to help consumers pay without giving out their identity or
personal info. If you want to join me on this mission, DM here or via Telegram
@sammydeeknight for a chat.

