Tell HN: Stitcher does not encrypt users' passwords

[stitchintime]

Stitcher (the podcast app) actually stores passwords in plaintext.

They have had millions of dollars and a number of years to fix this, but their leadership refused to prioritize the day or so of work it would take to implement the most basic protections for the users who trust them.

I just want this to be well-enough known that they get the shame they have chosen for themselves, so that future companies think twice before acting so callously.

-- anonymous

[negrit]

You would be surprise how many services/website store passwords in plaintext. Here is a none exhaustive shame-list: http://plaintextoffenders.com

http://www.scholarvox.com used by many many schools/universities in France(Europe ?) are also storing plaintext passwords and the worse is that they store the passwords provided by the universities, the exact same one used by the students to connect to their intranet/emails/...

[tetha]

A bunch of people on plaintextoffenders.com appear to be confused. They all complain "Oh look they mailed me my password direct after registration, they must store it in plain text". That's wrong.

During registration, I have your password in plain text because you just gave it to me in plain text in order to register your account. Sure, we can discuss about sending the password via email, we can discuss hashing the password client side or server side and so on, but a simple mail "You just registered with this password" doesn't tell anything about password storage.

[omervk]

Heya, co-founder of plaintextoffenders.com here.

Just to note - we have talked about it before here: http://plaintextoffenders.com/post/7006690494/whats-so-wrong...

[throwaway_929]

I know that BlueHost did this, too, as-of three years ago.