NCR, one of the largest Internet providers and cable providers in the U.S., currently allows Twitter to save the user's password in clear text.
MRC spokeswoman I said this "[customer support] If a specific change is requested, the agent must refer to this password to verify ownership of the account. "
This revelation came after users going to Twitter Romgrim It was called RCN support on the weekend. Before calling, he said he used the password manager application KeePass to generate a 26 – character random password for his RCN account.
He stated that an employee at RCM who handled his call could see and return this password without confirming that he was talking with the account holder.
To talk to ZDNetRomgurim said to the reporter that he opened to the Reddy this weekend he had escaped.
"Their agents were able to see the password that they brought online in plain text 5 minutes ago without verification, and when they heard the password they came back to me by phone; rsquo; you Do you want it? "Romgrim.
But Romgurim confirmed what happened for the first time, but other users who comment on the same Reddit threat have said that the same problem has occurred in the past.
A Reddit user said, "Just talking to a customer service representative, the same thing said, it does not seem to understand why this is a problem.
A problem that does not seem to be understood by RCN employees is that if you do not verify the identity of the caller before entering the password it can cause serious damage to life. private.
In the case of exle, stalkers may find new ways to interfere with the privacy of the victims, but fraudsters and fraudsters can use this issue to access a treasure house of personally identifiable financial information it can.
TechRepublic: Why 31% of data breaches lead to employee dismissal
According to Romgrim, this may cause serious problems. This is because NCR accounts store a considerable amount of personal information, as with most US ISPS accounts.
"MyRCN web portal includes access to billing portal and automatic payment settings," says Romgrim. ZDNet. "Payment of invoices can be downloaded during the contract period.
"You can change you too …
Hope you like the news US ISP RCN stores customer passwords in cleartext. Stay Tuned For More Updates 🙂