A Reddit post by the user @take_whats_yours has recently been circulating online. In the post, the user identified himself as an IT professional. One day, while using the Golden Screen Cinemas (GSC) website, he updated his password, and the update went through successfully.

He then confirmed the password change via the email that GSC had sent him. However, when he logged out and tried to log in again with the new password, it was rejected as invalid. The old password was also invalid.

He then clicked the ‘Forgot Password’ link, expecting to receive an email with a link to reset his password to a new one of his own choosing. Instead, GSC sent his username and password in plain text over the Internet.

Image Credit: GSC Online

“This means they are storing your password on their database in plain text. Anyone who gains access to this database will have access to your account and all your personal information, including address, phone numbers and credit card details. Better than that, it was the old password they sent, which doesn’t work to log in, which means their databases are not updating correctly when you try to reset your password,” said @take_whats_yours.

He proceeded to address the issue by contacting the customer service department with an email stating:

“I just changed my password. I clicked the confirmation link in the email but now cannot log in with the new password or my old password.

So I clicked forgot password, and you sent me my old password in plain text. This is an incredibly dangerous practice. You should be hashing passwords. You should never store passwords in plain text, only a hash. If I select “Forgot Password” you should NEVER send the password in plain text, only a link to renew the password.

Please put me in touch with somebody from your IT security department immediately. I have personal information stored in your database. I cannot believe a company in 2016 is so nonchalant with customer data.”

@take_whats_yours took to Reddit to get opinions from others on the matter. “What do you guys think? Worth kicking up a fuss over this? Or delete the account and let it be?”, he asked.

Another Reddit user offered their opinion: “Wow I don’t even have an account and I’m pissed. Your personal details and credit card information are stored there. You have every right to kick up a fuss.”

Image Credit: globalcool.org

Another user shared, “Another lackadaisical or tidak apa approach. When sh*t happens, they will blame someone else.”

The original poster, @take_whats_yours, has since added an edit to the end of his post: “To anyone who thinks this isn’t proof that they aren’t hashing passwords, I’m sorry but you’re wrong. You either don’t understand how cryptographic hashing works (it is a one way function, you cannot “decrypt” a hash), or you have some inexplicable desire to defend this stupidity on the part of GSC. Every security professional on the planet would condemn this. GSC is sending plain text passwords over an insecure medium. This is a disaster waiting to happen.”
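The practice the poster asks for, storing only a salted one-way hash and answering "Forgot Password" with a single-use reset token instead of the password, can be sketched as follows. This is an added example, not code from the Reddit post or from GSC; the in-memory tables, function names, PBKDF2 parameters and 15-minute expiry are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stand-ins for a user table and a reset-token table.
USERS = {}         # username -> {"salt": bytes, "pw_hash": bytes}
RESET_TOKENS = {}  # sha256(token) -> (username, expiry timestamp)

PBKDF2_ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
RESET_TTL = 15 * 60          # assumed token lifetime in seconds

def _derive(password, salt):
    # One-way derivation: the stored value cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

def set_password(username, password):
    # Fresh random salt per password; the old record is replaced in one step.
    salt = secrets.token_bytes(16)
    USERS[username] = {"salt": salt, "pw_hash": _derive(password, salt)}

def verify_password(username, password):
    rec = USERS.get(username)
    if rec is None:
        return False
    # Re-derive from the candidate and compare in constant time.
    return hmac.compare_digest(rec["pw_hash"], _derive(password, rec["salt"]))

def start_reset(username, now=None):
    """Return a random token to email as a reset link; only its hash is stored."""
    if username not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode("ascii")).digest()
    RESET_TOKENS[key] = (username, now + RESET_TTL)
    return token

def finish_reset(token, new_password, now=None):
    """Consume the token (single use) and set the user's new password."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode("ascii")).digest()
    entry = RESET_TOKENS.pop(key, None)
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

Because the server holds only the salt and the derived hash, it has nothing it could email back to the user, which is why receiving the original password by email shows it was stored in recoverable form.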

Social media users, what are your thoughts on the matter?

Feature Image Credit: Reddit, GSC Online

 
 