17 votes

The Bug That Exposed Your PayPal Password

Tags: security

6 comments

  1. [3]
    emdash
    I'm sorry, but of all services, what is PayPal's possible rationale for storing passwords in plaintext?

    9 votes
    1. umbrae
      I may have misread it but I don’t think it’s exactly the same as a lot of sites that expose plain text passwords. It sounds like it may have been stored in a temporary session and then resubmitted afterward. That is hardly an excuse for any site, much less PayPal, but it is maybe... slightly?... less egregious than just storing a plain text password in a database.

      5 votes
    2. daychilde
      Somewhere, someone was lazy. Or stupid. Or ignorant. That's got to cover about 90% of these types of things. :|

      1 vote
  2. [3]
    joplin
    The more I learn about PayPal the more I hate them. It is absolutely unconscionable that they would store passwords in plaintext, but to also send them to you? WTF? That's some gross incompetence there. They really should be paying a huge fine for doing something so stupid. But of course, that will never happen.

    5 votes
    1. [2]
      milkbones_4_bigelow
      Who knows, the ICO fined BA £183m.

      3 votes
      1. joplin
        That's great! And Google did recently pay the largest fine in history. (And I think Facebook also paid something similarly huge.) The problem is that it doesn't amount to more than a slap on the wrist to these companies, unfortunately. But I remain hopeful that it will begin to get better in the future. Here's hoping!

        1 vote