TOPIC: So er virgin media peps read.

GreenZapperZ wrote:

I don't think postman pat will be reading any of my mail for whatever reason

Lewis_is_java wrote:

Big yikes for vm

MartinGaming wrote:
If the big corps cannot be bothered to keep my data safe why in the world should everyone else have too. Just to remind you that is why that is illegal to have passwords in plain text: Page 11

It is dumb for virgin media to not hash the passwords, however them mailing the password by mail is a completely normal procedure;Banks literally mail your debit or credit card.


I am not going to go digging into country specific and international law to see whether the act of not hashing passwords is legal or not, however I think it is idiotic to think if it truly was illegal, their legal team just missed it or glanced over it.

As for Deadmonstor, what you linked literally doesn't say what you think it says, the link that you give is a "password guidance approach", it is not an actual law there are no statues for the so called law, there is no penal code, there is no paragraph number, you are simply miss interpreting their "SHOULD".
I SHOULD WIPE MY ASS AFTER TAKING A SHIT BUT I AM NOT PUNISHABLE BY LAW IF I DONT

On the topic of hashing, most php based databases use md5 hash anyways which takes mere seconds to crack.
I also love that some people are acting like this little thing is actually going to tank virgin media, if their company would be public we wouldn't even see their stock decline by pennies under a magnifier.

FluffyOP wrote:
Remind me on the other ways to get a physical bank card to a new customer, I know there’s many other, more sensible, solutions for resetting passwords but I’m intrigued by your comment

.uzi wrote: Literally everyone in this thread were making jokes about how unsecure sending someones password through the mail is I wasn't making a claim about it's efficacy rather then the asinine security argument.

FluffyOP wrote:

It's literally illegal to keep it plain text if there ever was a breach into their database they would have to pay a LOT in damages to the customers that were affected

FluffyOP wrote:
We are in a time where technology is so advanced there is absolutely no way sending people’s passwords via post should be considered “normal”.

There is no comparison to sending bank cards to customers either considering they are fundamentally different; one is a physical object (that obviously has associated digital data), the other is just data

Companies exist nowadays that were built on the very principle that their end user’s data absolutely should be safe, hell, some fork out for “military grade” security (in quotes because there’s a chance it’s just a buzz phrase now). It is an absolute joke

What you posted now, is what you should have posted the first time, but once again this is just another legal grey area they are sitting under, even the mere fact that they don't specifically mention passwords and hashing or don't define what counts as securely could win the case for them.

.uzi wrote: Who are you even talking to? I don't disagree with any of this?
Did you even see my reply?

MartinGaming wrote: Yeah, personally I use a password manager and have the LONG password to the manager on a piece of paper and I have 2FA everywhere I can.
I was just saying a lot of people are guilty of that sin.