[negrit]

You would be surprise how many services/website store passwords in plaintext. Here is a none exhaustive shame-list: http://plaintextoffenders.com

http://www.scholarvox.com used by many many schools/universities in France(Europe ?) are also storing plaintext passwords and the worse is that they store the passwords provided by the universities, the exact same one used by the students to connect to their intranet/emails/...

[tetha]

A bunch of people on plaintextoffenders.com appear to be confused. They all complain "Oh look they mailed me my password direct after registration, they must store it in plain text". That's wrong.

During registration, I have your password in plain text because you just gave it to me in plain text in order to register your account. Sure, we can discuss about sending the password via email, we can discuss hashing the password client side or server side and so on, but a simple mail "You just registered with this password" doesn't tell anything about password storage.

[omervk]

Heya, co-founder of plaintextoffenders.com here.

Just to note - we have talked about it before here: http://plaintextoffenders.com/post/7006690494/whats-so-wrong...

[throwaway_929]

I know that BlueHost did this, too, as-of three years ago.