Are you asking to get hacked?

Every so often when I do a password reset, the site will send me my password in plain text. This lets you know that they are storing the password in plain text in their database. They are practically asking to be hacked. IMHO any site that does not use some sort of salt with their passwords probably does not have the best security. Recently a cellular rental company emailed customers:

Dear Valued Customer

It has come to our attention that many of our customers’ personal information can be found online. We did in fact have a breach happen to us about a year ago and we have since updated our database with extreme measures of security and encryption to protect our customers.
At the time we contacted each customer that we believed to have been affected. Recently it came to our attention that the information is still available online and we came to realize that the breach was bigger than we thought, so we contacted each and every customer that did not already contact us that they cancelled their cards, and had them contact their bank to cancel and monitor their accounts.
Unfortunately, cyber security in the USA has proven problematic, as well. Target, the Pentagon, and more recently the DNC have also been victims of cyber terrorism. Which is why we take security seriously. We therefore have already reached out to the web hosting of that site as well as the domain registrar to have it removed, however it seems that this is not a simple or quick process. We still commit to constantly updating the security of our website. In any event, all of the available information is outdated and unusable.

Feel free to contact us if you have any more questions or comments.
Looking forward to continue doing business with you.

This begs the question: why was anyone in 2016 still storing credit card numbers in ASCII? Has anyone heard of credit card tokenization? Do you want to be hacked?
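For contrast with the plain-text reset emails described at the top of this post, here is an added example (not code from any site mentioned here) of salted password storage, where the site cannot email your password because it never keeps it and a reset has to go through a one-time token instead. The in-memory USERS table, the PBKDF2 iteration count, and the 15-minute token lifetime are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}            # constructed in-memory stand-in for a user table
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor
RESET_TTL = 15 * 60   # assumed reset-token lifetime, in seconds


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(user, password):
    """Store a random per-user salt and the derived hash, never the password."""
    salt = secrets.token_bytes(16)
    USERS[user] = {"salt": salt, "hash": _hash(password, salt), "reset": None}


def verify(user, password):
    """Re-derive the hash with the stored salt and compare in constant time."""
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])


def start_reset(user, now=None):
    """Return a one-time token to email; only its SHA-256 digest is stored."""
    if user not in USERS:
        return None  # caller should still show the same "check your email" page
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).digest()
    USERS[user]["reset"] = (digest, now + RESET_TTL)
    return token


def finish_reset(user, token, new_password, now=None):
    """Accept a valid, unexpired token once, then store a fresh salted hash."""
    now = time.time() if now is None else now
    rec = USERS.get(user)
    if rec is None or rec["reset"] is None:
        return False
    stored, expires = rec["reset"]
    supplied = hashlib.sha256(token.encode()).digest()
    if now > expires or not hmac.compare_digest(stored, supplied):
        return False
    register(user, new_password)  # new salt, new hash, reset token cleared
    return True
```

A database dump of this table yields salts, slow hashes, and token digests, none of which can be mailed back to a user as their password.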
