6:06 PM, 24th October 2008
EzyDVD store passwords in the clear
I've been a customer of EzyDVD for some time. They were one of the first players in Australia to take e-commerce seriously; I like their no-fuss website, and their customer service has always been very good.
However, I had a somewhat alarming experience recently. I had a problem with an order that I placed, so I emailed their customer service line. I didn't hear back from them, so I called their customer service line. The helpful lass on the other end of the phone solved my problem quickly.... but in the process was able to tell me my account password.
You don't have to be in this industry for long to know that storing passwords in clear-text is a bad idea. I've taken this up with their webmaster, but I haven't heard back yet. In the meantime - any readers that use EzyDVD - be warned.