Gone Phishin'
I decided to bite the bullet and do most of my holiday shopping online this year - out of laziness mostly, but some of the things I wanted weren't available anywhere else.
The other day I ordered a Dora the Explorer thing online at Toys "R" Us. I must have ordered something from them before, because they knew my email address. The site asked me to change my password, so I did. After I finished my order, they sent me a confirmation email with the order info. So far so good.
They also sent me a confirmation email that I had changed my password, with the password, in clear text. Uhm, hello? Are you fucking idiots? Do you know how many places that password went betweeen the time it left your server and the time it got to me? Do you know how many people might have seen it? At least you put vague text in the note:
Thank you for visiting Toysrus.com. Your Toysrus.com account password has been changed successfully.(I deleted the password)
Your new password is: ...
Who needs phishing scams when we have merchants like you..
0 Comments:
Post a Comment
<< Home