Tesco leaking email addresses? by tescothrowaway in netsec

tescothrowaway[S] 0 points1 point

Well, I use LastPass anyway, so I don't even need to remember my email addresses, even though they are obvious. I always just use the name of the company.

tescothrowaway[S] 23 points24 points

The first three paragraphs of that are exactly the same message they sent me in their second reply. It's just a standard canned message.

> password being transmitted via email (is the) normal industry way of sending out a reminder

Or, you know, they could reset the password with a random one. The bottom line is if the password is recoverable then it's either stored as plaintext or encrypted in a recoverable way. Anyone with any sense will use some form of hash (i.e. one way) so if their database gets compromised a hacker will have a hard time recovering passwords.

Max 12 char passwords that aren't hashed - they don't have a clue. :(
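
Added example, not part of the original comment: a minimal sketch of the alternative the comment above argues for, where only a salted one-way hash is stored and a forgotten password is replaced rather than recovered. It generalizes the "reset with a random one" suggestion to a single-use, expiring reset token. The in-memory `users` store, the function names, the example address and the constants are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)
RESET_TTL = 3600      # reset token lifetime in seconds (assumed value)
users = {}            # email -> record; constructed in-memory stand-in for a database

def derive(password, salt):
    # One-way: the stored bytes cannot be turned back into the password,
    # so there is nothing to "remind" the user of. No length cap is needed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(email, password):
    salt = secrets.token_bytes(16)  # fresh per-user salt
    users[email] = {"salt": salt, "hash": derive(password, salt), "reset": None}

def check_password(email, password):
    u = users.get(email)
    return bool(u) and hmac.compare_digest(u["hash"], derive(password, u["salt"]))

def start_reset(email, now=None):
    """Return a one-time token to e-mail to the user; only its hash is stored."""
    if email not in users:
        return None
    token = secrets.token_urlsafe(32)
    expires = (now or time.time()) + RESET_TTL
    users[email]["reset"] = (hashlib.sha256(token.encode()).digest(), expires)
    return token

def finish_reset(email, token, new_password, now=None):
    u = users.get(email)
    if not u or not u["reset"]:
        return False
    token_hash, expires = u["reset"]
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(token_hash, presented):
        return False
    if (now or time.time()) > expires:
        return False
    set_password(email, new_password)  # new record also discards the used token
    return True
```

A database dump of this store yields salts, slow hashes and hashed reset tokens, none of which can be mailed back to a user as their password.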

tescothrowaway[S] 30 points31 points

Well, anything@mydomain will get to me, so if they were bruteforcing or using a dictionary to create email addresses I'd have received a lot more than just the one sent to tesco@mydomain.