Want more features on Pastebin? Sign Up, it's FREE!
Guest

Tesco support

By: a guest on Jul 30th, 2012  |  syntax: None  |  size: 2.69 KB  |  views: 3,783  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. On 28 October 2010 12:30, Tesco.com Support <support@tesco.co.uk> wrote:
  2.  
  3.     Dear Mr Clark
  4.  
  5.     Thank you for contacting me and please accept my apologies for the delay in replying to you.
  6.  
  7.     I've had a word with my support team and asked them if they're stored with ‘one way  encryption’ or any encryption and they say that although the information is not encrypted the level of security surrounding the password means that only the senior technical positions could access the information.
  8.  
  9.     I'm sorry that you've decided to terminate shopping with us due to this issue as to my knowledge we've never been hacked and they've tried. The main issue with regard password theft is Phishing and there're a number of those emails going about at the moment.
  10.  
  11.     If you’ve any further queries please don’t hesitate to contact me at support@tesco.co.uk quoting TES8404228X.
  12.  
  13.     Kind Regards
  14.  
  15.     Stephen Wood
  16.     Customer Service Manager
  17.     Tesco.com Support
  18.  
  19.     ----- Original Message -----
  20.     From: "Ben Clark" <bencoder@googlemail.com>
  21.     Date: 21 October 2010
  22.     Subject: Password security - why I'll no longer be using tesco online
  23.  
  24.     Hello there,
  25.  
  26.     This should probably be passed onto your web/IT team.
  27.  
  28.     Today I used the forgot password link on your website and my original
  29.     password was sent in plain text via email. I am a professional web
  30.     developer who works and has worked on several high profile, security
  31.     conscious, e-commerce based websites. The fact that you sent me my
  32.     original password in plain text tells me that you are not storing the
  33.     password hashed (aka 1-way encrypted). This is a very basic level of
  34.     security that would protect your customers should your database get
  35.     compromised by preventing anyone from seeing your customers passwords.
  36.     It also prevents potentially malicious people within the organisation
  37.     from being able to see the password.
  38.  
  39.     Knowing that you don't use this minimal protection of your customer
  40.     details tells me that I cannot trust the tesco.com website any longer
  41.     and will therefore cease using it and will shop with a competitor in
  42.     future.
  43.  
  44.     I should also mention that I was initially impressed when first
  45.     signing up some time ago that my welcome email gave my username and
  46.     did not include my password but said: "Your password is known only to
  47.     yourself". This gave me confidence that the tesco.com software
  48.     engineers understood web security, that my password was probably
  49.     stored hashed and that they knew not to send passwords through an
  50.     insecure, unencrypted medium such as email. Unfortunately I discovered
  51.     the opposite today.
  52.  
  53.     Yours,
  54.  
  55.     Ben Clark
clone this paste RAW Paste Data