Quote:
Originally Posted by NATCARD
I use Simple Auction Site for my auctions. I can see all of my customers User id's and passwords. Thanks, Jeff W (National Card Investors)
|
Thanks for confirming this, Jeff.
It is completely unacceptable for the SimpleAuctionSite and Barnebys.com (their parent company) to allow passwords to be stored in clear text and to allow auction site owners to optionally see them. It's not an oversight or "not a big deal". This is a complicit, lazy, unacceptable breach of data security.
The list of sports auctions sites using their software is long. You can easily check this by looking at the footer of any page on a site. If it shows the SimplyAuctionSite logo, you can assume that your username and password are NOT private.
If the excuse is "it wasn't malicious", then the answer is that it's incompetence. They can choose. Bob Freedman and SimplyAuctionSite, get this fixed tomorrow.