The Core

Why We Are Here => Water Cooler => Topic started by: rcjordan on March 01, 2019, 06:21:21 PM

Title: CSV: plaintext offenders
Post by: rcjordan on March 01, 2019, 06:21:21 PM
Sites that store passwords in plaintext - GitHub

https://github.com/plaintextoffenders/plaintextoffenders/blob/master/offenders.csv
Title: Re: CSV: plaintext offenders
Post by: ukgimp on March 01, 2019, 10:48:46 PM
Ahrefs email me my PW. Wtf.
Title: Re: CSV: plaintext offenders
Post by: rcjordan on March 01, 2019, 11:01:21 PM
>email

QuoteIf you set up an account and the site sends you an email which lists your password, it's likely stored in plaintext.

How to Tell If a Site Stores Passwords as Plaintext
https://www.makeuseof.com/tag/sites-passwords-plaintext/
Title: Re: CSV: plaintext offenders
Post by: littleman on March 02, 2019, 12:47:28 AM
Damn, that is a huge list with some big names in there too.  It reminds me of when I was looking at a shopping cart program that saved the CC info in plain text.  I searched for the default file name Altavista (yes it was a long time ago) and found hundreds of files with credit card numbers on them.
Title: Re: CSV: plaintext offenders
Post by: ergophobe on March 02, 2019, 03:08:20 AM
It's funny. You look at some code and you see they are still storing passwords as MD5 hashes and you think "Do they know nothing?"

And then you find out some people don't hash at all.