from the same entity, i was also asked for my password in a customer service call 🚨 :red_flag: 🚨

@chr why would they need to view that field unhashed, ...


> [password field refusing a password with the error message "Html [sic] or JavaScript is not allowed"]

Just be glad they weren't rejecting #perl, or *no* passwords would be valid!

(Also, agree with the "aaaaaaaa" reactions upthread. Something has clearly gone horribly wrong!)

@chr That's the sort of security violation that makes me think closing an account is likely the best possible course of action.

If you absolutely need the account, come up with a deliberately poor-but-unique password and lie about every personal information field on the site so that the inevitable hack doesn't cause too much collateral damage.

@salameleon i would love nothing more than to delete every bit of personal information out of this database. unfortunately, the reason i was contacting customer service is my account was fully locked because the *exact password i set* was not working. i suspect because it was silently truncated when stored in the database.

@salameleon i'm probably going to have to visit a physical location to escalate this, i unfortunately already put in some very sensitive bits of PII in their system that would be extremely bad if exposed in a hack.

@chr I forget if you're European or not, but this feels like it has GDPR violation written all over it.

@salameleon nope, USA unfortunately. and not california, either.

@salameleon also the organization is definitely not international

@hummingrain no, alarmingly, this came up when i was just trying to put in a password i generated in KeePass with the "special characters" set enabled

@hummingrain (heavily suggesting that it is a regex-based filter 😬)

@chr nope nope nope nope

Whatever this is is BEGGING to be hacked

@chr ok absolute best case scenario here they just can't be arsed fixing the WAF so they handle it in javascript before the POST but still

