[rkagerer]

I've got news for you - they aren't the only ones. Other big companies in the utilities and financial sector also do this, and even some banks.

Often it's a product of repeated acquisitions, where the lowest common denominator across disparate systems is some kind of text-based format.

That said, I'm surprised a customer service agent ostensibly had access to it.

From my own observations (some made during efforts to champion change), industry has gotten better over time. There shouldn't be cases anymore where salted hashes or other alternatives can't be achieved, and I'm pleased to see the public take security and privacy seriously.