by tomgallard 5076 days ago
I'm not sure I agree. I'd say my name is private, I'd say my date of birth is more private, I'd say my medical conditions are more private still. There are clearly degrees of privacy.

Does it really make sense to hold my bank to the same standard as a real estate website? Sure they should all reach some minimum requirement (salted and hashed passwords), but I expect my bank to have far higher standards (e.g. two factor auth) than a random site.

2 comments

The problem with storing passwords insecurely is that people reuse them. You can try to tell them otherwise as much as you like, they will do it, so even if one service holds non-sensitive data, stealing the password will grant access to other, completely unrelated services.

Yeah that was overly simplistic.

I guess the issue is that the layman cannot really tell how secure a solution is, and so is unlikely to be able to make well-reasoned decisions about the information they release. As such there really needs to be a far greater level of responsibility placed on people who hold the keys, so to speak. Once again this is especially true since people re-use (and use overly simple) passwords at a scary rate. By not protecting their information on a crappy real estate website you are potentially leaving open their bank to abuse.

I feel instances like these just show dangerous levels of incompetence and a blatant disregard for users' information. Good solutions generally require less work anyway, so there's no excuse.