I know it sounds implied but he didn't say customer service had access to plain text password, just that he verified it over the phone. You can surely do that with hashed password but it's still not a good practice.
I was not enjoying Magento and my password was something like "MagentoSuck$"
I don't remember who I was talking to exactly but they said something like "and you're logging in with the username <whatever> and the password (fading awkwardly) MagentoSucks..."?
I don't remember who I was talking to exactly but they said something like "and you're logging in with the username <whatever> and the password (fading awkwardly) MagentoSucks..."?
And we both kind of laughed nervously...