Tell HN: Stitcher does not encrypt users' passwords
Stitcher (the podcast app) actually stores passwords in plaintext.
They have had millions of dollars and a number of years to fix this, but their leadership refused to prioritize the day or so of work it would take to implement the most basic protections for the users who trust them.
I just want this to be well-enough known that they get the shame they have chosen for themselves, so that future companies think twice before acting so callously.
-- anonymous
4 comments
[ 3.2 ms ] story [ 19.6 ms ] threadhttp://www.scholarvox.com used by many many schools/universities in France(Europe ?) are also storing plaintext passwords and the worse is that they store the passwords provided by the universities, the exact same one used by the students to connect to their intranet/emails/...
During registration, I have your password in plain text because you just gave it to me in plain text in order to register your account. Sure, we can discuss about sending the password via email, we can discuss hashing the password client side or server side and so on, but a simple mail "You just registered with this password" doesn't tell anything about password storage.
Just to note - we have talked about it before here: http://plaintextoffenders.com/post/7006690494/whats-so-wrong...