Plain-text bad-news

For the past few years, I’ve run in the City-Bay, Adelaide’s largest Fun Run.

This year, when entering, I needed to reset my password.

Imagine my surprise when they sent me my password in plain text.

Then, imagine my surprise, or lack of it, when they sent me:

Dear Matthew,

We would like to advise that we have removed access to our online entry system after customers reported data missing from their records. Although investigations are underway, we would like to advise no financial information of race entrants is stored on our system and is therefore not at risk.

We recommend that you change the password you have used on our website (once it is deemed safe to reopen). As an added precaution we also advise that you change your password on any other website it is used.

Thank you for your understanding and continued interest in our event,

Kind Regards,

City-Bay Fun Run team

www.city-bay.org.au

Well, you know, if you store passwords, in plain text, then you are just asking for trouble.