TigerDirect.com stores passwords in a retrievable format

1 points by berdon ↗ HN
Your Password...

Dear XXXXXX,

Your Email Login Is: XXXXXX Your TigerDirect Password Is: XXXXXX

To change your password click on the following link and log in: https://www.tigerdirect.com/secure/OrderLogin.asp?PG=1

Should you have any questions click here to visit our Customer Cervice center.

Great Deals Below... Samsung Galaxy Tab 2 10.1" Tablet, Dual Webcams, WiFi

$399.99 Viewsonic 7" Digital Photo Frame w/ SD Card Slot

$29.99 Linksys Wireless-N Home Router, Recertified

$18.99 Presto! Pagemanager 9 Professional

$65.99

Search over 100,000 Products in Stock... Refer-A-Friend Deal Alerts via

TigerDirect.com is not responsible for typographical errors or omissions. This email was sent to XXXXXX in response to Order # .

Note that TigerDirect.com never sells, rents, or shares your email address. For more information, please review the TigerDirect.com Privacy Policy at: http://www.tigerdirect.com/sectors/aboutus/privacy.asp

Call Center Hours of Operation: Mon - Fri: 7am til 1am ET and Sat - Sun: 8am til Midnight ET

For Merchandise Returns: c/o TigerDirect Warehouse - 175 Ambassador Drive, Naperville, IL 60540

Copyright © 2012 - TigerDirect, Inc. 7795 West Flagler Street, Suite 35, Miami, FL 33144 (Corporate Headquarters: No Returns Accepted) LEGAL NOTICES| PRIVACY POLICY

4 comments

[ 3.8 ms ] story [ 24.0 ms ] thread
Or, they could be storing encrypted passwords as opposed to hashed passwords?
Either way, there should be no way they can retrieve your password to send it to you.

I'm not a security expert, but I've seen HN posts where others describe this.

>> Either way, there should be no way they can retrieve your password to send it to you.

I don't disagree with that, but the headline leads one to a particular conclusion despite the set of facts that the OP provided.