Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Username and password in email from hosting company

  • 23-01-2010 11:17am
    #1
    conolan
    Banned (with Prison Access) Posts: 586 ✭✭✭


    A hosting company who I have an account with have just sent me an email reminding em that my CC is expiring shortly. Fair enough.

    But they put my username and password into the email. Absolutely clear for anyone to sniff. I didn't request it.

    Is this usual, acceptable?


Comments

  • #2
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    conolan wrote: »
    A hosting company who I have an account with have just sent me an email reminding em that my CC is expiring shortly. Fair enough.

    But they put my username and password into the email. Absolutely clear for anyone to sniff. I didn't request it.

    Is this usual, acceptable?

    Absolutely not.

    1) You didn't request it (the user name and password).

    2) It has nothing to do with the expiry of your card.

    3) When you first sign up for something like this, they should provide the user name and password in a window over a secure page with a heavily emphasized advisory to make a note of it (and preferably suggesting that you change the password to another complex password of your own choice). No need to ever send it over email. Ever.

    I remember a few years ago making a reservation with the Great Southern hotel at Dublin airport - then state owned. They sent me an unencrypted email confirmation of my reservation with my name, address, card number and expiry date.

    Needless to say I cancelled the reservation. Never stayed at the hotel again. And got the bank to stop the card and issue a replacement, just in case.

    The world is full of ejits. I'd dump that hosting company and move. I dumped a hosting company yesterday for a different reason, and am happy with the replacement - even though they caused me problems with card verification bureaucracy. At least the new guys are security conscious, and open 24h/24 for support. There are a lot of hosting companies out there - no need to put up with poor service.


  • #3
    conolan
    Banned (with Prison Access) Posts: 586 ✭✭✭conolan


    Just got a (dubious) explanation from hosting company
    We like other Irish hosts, use propietry software which has this feature inbuilt. We're rolling out a new billing system which has a different password policy. You'll receive an email in the coming weeks in relation to this.

    - Your encrypted card data has been removed from our systems. You're account type has been set that you wont receive future emails with such info contained within.

    Note the words in red. Anyone know if this is true?


  • #4
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    conolan wrote: »
    Just got a (dubious) explanation from hosting company
    We like other Irish hosts, use propietry software which has this feature inbuilt. We're rolling out a new billing system which has a different password policy. You'll receive an email in the coming weeks in relation to this.

    - Your encrypted card data has been removed from our systems. You're account type has been set that you wont receive future emails with such info contained within.
    Note the words in red. Anyone know if this is true?

    I suspect that they are just waffling. If they were an intelligently managed operation, and if such a "feature" came with a software package they use, why did they buy/use the software - if they couldn't re-configure it to stop sending out passwords?

    Who knows what other security issues are lurking under the hood of this hosting company?

    I'd ask the bank for a new card number and move from them, ASAP, if I was in your position.


  • #5
    BaconZombie
    Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie


    There is probably a "feature inbuilt" to mark you as getting free host and one that is the default Administrator User/Password for the entire system.

    Lets just hope they did not leave then enable as well..... :pac:

    Regards,

    BaconZombie'(; Drop TABLE Billing;--
    conolan wrote: »
    Just got a (dubious) explanation from hosting company
    We like other Irish hosts, use propietry software which has this feature inbuilt. We're rolling out a new billing system which has a different password policy. You'll receive an email in the coming weeks in relation to this.

    - Your encrypted card data has been removed from our systems. You're account type has been set that you wont receive future emails with such info contained within.

    Note the words in red. Anyone know if this is true?


Advertisement