Recently, a Reddit post by the user @take_whats_yours has been circulating online. In the post, the user identified himself as an IT professional. One day, he was using the Golden Screen Cinemas (GSC) website and updated his password, apparently successfully.

He then confirmed the password change through the email that GSC had sent him. However, when he logged out and tried to log in again with the new password, it was rejected as invalid. The old password was also invalid.

He then clicked the ‘Forgot Password’ link, expecting to receive an email with a link that would let him set a new password of his own choosing. Instead, GSC sent his username and password in plain text over the Internet.


“This means they are storing your password on their database in plain text. Anyone who gains access to this database will have access to your account and all your personal information, including address, phone numbers and credit card details. Better than that, it was the old password they sent, which doesn’t work to log in, which means their databases are not updating correctly when you try to reset your password,” said @take_whats_yours.

He proceeded to address the issue by contacting the customer service department with an email stating:

“I just changed my password. I clicked the confirmation link in the email but now cannot log in with the new password or my old password.

So I clicked forgot password, and you sent me my old password in plain text. This is incredibly dangerous practice. You should be hashing passwords. You should never store passwords in plain text, only a hash. If I select “Forgot Password” you should NEVER send the password in plain text, only a link to renew the password.

Please put me in touch with somebody from your IT security department immediately. I have personal information stored in your database. I cannot believe a company in 2016 is so nonchalant with customer data.”

@take_whats_yours took to Reddit to get opinions from others on the matter. “What do you guys think? Worth kicking up a fuss over this? Or delete the account and let it be?” he asked.

Another Reddit user offered their opinion: “Wow I don’t even have an account and I’m pissed. Your personal details and credit card information are stored there. You have every right to kick up a fuss.”


Another user shared, “Another lackadaisical or tidak apa approach. When sh*t happens, they will blame someone else.”

The original poster, @take_whats_yours, has since added an edit to the end of his post: “To anyone who thinks this isn’t proof that they aren’t hashing passwords, I’m sorry but you’re wrong. You either don’t understand how cryptographic hashing works (it is a one way function, you cannot “decrypt” a hash), or you have some inexplicable desire to defend this stupidity on the part of GSC. Every security professional on the planet would condemn this. GSC is sending plain text passwords over an insecure medium. This is a disaster waiting to happen.”

Social media users, what are your thoughts on the matter?
