Ya, of course. Immediately changed my password.
However, I would urge that the protection of customer credentials should be paramount. This type of security is the baseline for any legitimate business. It is a problem that has been solved already and it is easy to implement.
You gotta take care of your customers. What happens when there is a SQL injection breach (which this site is unlikely to be protected against) and whoops now someone has the legit password for anyone with an account here, maybe 20% of which use a password manager or something like that and don't reuse passwords. Now those 80% have their password (and associated username) in a table somewhere ready to brute force a bank account or whatever. Sure there is no sure fire security that will protect against everything and still have good performance, but to be honest, this is so baseline it is rather unacceptable these days to not do it. They are overlooking customer safety for short term profits and goals. So sad.
One guy puts a days worth of time on it, now ass is covered.
Last edited by NinjaWithSpoons; 19/09/16 02:55 AM.
