3 comments

[ 3.1 ms ] story [ 20.5 ms ] thread
They could have encrypted them and then decrypt if they want to view them.
But that's still just as bad. It doesn't matter if one person or a thousand people reads someone else's password in plain text. It's still technically a breach in security regardless of if they work for the company or not.
Yes it is bad, but its better than storing them in plain text in the database.