customer data including plaintext passwords is currently circulating

[mkellerman]

I just received the following e-mail from Sedo which looks genuine


Dear valued SedoPro Customer


We have been informed that due to a security problem at one of our competitors a list of their customer data including plaintext passwords is currently circulating in the domain parking industry and in relevant hacker forums.



Due to the seriousness of this matter combined with the possibility that you might be using the same login data/password at more than one parking company, we strongly advise you to change your password at Sedo.



Sedo uses cryptographically unbreakable ciphertext for password checks and does not store your password in plaintext. This, and a variety of other security measures, ensures that your Sedo account is always safe from third parties.



We generally advise you to always use different login credentials for different sites and never hand out your login credentials to any third party.



Should you have any further questions or needs, your dedicated account manager is looking forward to help.



Kind regards,

Your Sedo Security and Compliance Team

 

[BELLC1]

I wonder which "competitor" it is?

 

[draggar]

I don't think any would be too bright for any company (or web entity) to keep passwords in plain text format, even Wordpress encrypts the passwords.

The only security risk that this sounds like could be a key logger on the person's computer.

Edit: But it's not a bad idea to follow that advice.

 

[BELLC1]

I changed mine even though I don't have the same password at more than one place.
Better safe ...

 

[dominator]

nd?

http://www.dnforum.com/f267/namedrive-login-problems-thread-348428.html