Every user is at risk through this.
Every user who uses a password that is not unique to this forum or the HJ forum seems to be having their password and email stored in plain text away from the secure database where I am told all passwords are encrypted.
This makes a mockery of storing them securely. It totally negates any security.
This could be a massive security risk if this information gets into the hands of someone who will act maliciously. It is completely against all DP practice.
It seems to be against the law; storing plain text passwords in a database or list by a 3rd party most certainly does not "ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss" as required by the law.
You can even read about why this is bad on Wikipedia: "Some computer systems store user passwords as cleartext, against which to compare user log on attempts. If an attacker gains access to such an internal password store, all passwords - and so all user accounts - will be compromised. If some users employ the same password for accounts on different systems, those will be compromised as well."
I want to know if my own information is being stored in this way. It seems to be, as a post was made, and then hidden, in my name on the HJ forum, allegedly.
I have certainly emailed Stephen Khoo.
All this "couldn't care less" is fine, until something (catastrophic, accidental or malicious) happens. Then, all users of this forum and of HJ forum will be at great risk of having personal accounts hacked and abused.
People should know how their personal info is stored, and what happens to it. This policy is highly secretive at the moment. Matter of fact, there is no policy at the moment.
Think what would happen if YOUR email and plain-text Password fell into the wrong hands.
Ling
Last edited by: LINGsCARS on Mon 1 Mar 10 at 08:42