The third largest breach ever just happened in Finland. Passwords were stored in plaintext. At T-Mobile Austria, they explain that of course they store the password in plaintext, but they have so good security so it's nothing to worry about. At what point does this become criminally negligent?
(Score: 3, Informative) by Knowledge Troll on Sunday April 08 2018, @03:09PM (2 children)
T-Mobile wasn't breached - at least not that they are reporting.
(Score: 0) by Anonymous Coward on Sunday April 08 2018, @03:21PM
Ah, right, the breach was in Finland, and the statement was from T-Mobile Austria. My bad. That means that the "explanation" is just terminally stupid, not clinically insane.
(Score: 0) by Anonymous Coward on Sunday April 08 2018, @06:00PM
Someone found and PoC'd an XSS on their website on Friday night. It was also reported they are running comically old versions of the Linux kernel, PHP, and Apache. I suspect their database is already floating around on at least one invite only "dark" web forum. I'm thinking some time late next week it'll hit the mainstream network news.
In other news, if you're still sharing passwords between websites, now would be a very good time to rethink that practice while you're changing your passwords again.