Guest User

Tesco support

a guest
Jul 30th, 2012
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. On 28 October 2010 12:30, Support <> wrote:
  3. Dear Mr Clark
  5. Thank you for contacting me and please accept my apologies for the delay in replying to you.
  7. I've had a word with my support team and asked them if they're stored with ‘one way encryption’ or any encryption and they say that although the information is not encrypted the level of security surrounding the password means that only the senior technical positions could access the information.
  9. I'm sorry that you've decided to terminate shopping with us due to this issue as to my knowledge we've never been hacked and they've tried. The main issue with regard password theft is Phishing and there're a number of those emails going about at the moment.
  11. If you’ve any further queries please don’t hesitate to contact me at quoting TES8404228X.
  13. Kind Regards
  15. Stephen Wood
  16. Customer Service Manager
  17. Support
  19. ----- Original Message -----
  20. From: "Ben Clark" <>
  21. Date: 21 October 2010
  22. Subject: Password security - why I'll no longer be using tesco online
  24. Hello there,
  26. This should probably be passed onto your web/IT team.
  28. Today I used the forgot password link on your website and my original
  29. password was sent in plain text via email. I am a professional web
  30. developer who works and has worked on several high profile, security
  31. conscious, e-commerce based websites. The fact that you sent me my
  32. original password in plain text tells me that you are not storing the
  33. password hashed (aka 1-way encrypted). This is a very basic level of
  34. security that would protect your customers should your database get
  35. compromised by preventing anyone from seeing your customers passwords.
  36. It also prevents potentially malicious people within the organisation
  37. from being able to see the password.
  39. Knowing that you don't use this minimal protection of your customer
  40. details tells me that I cannot trust the website any longer
  41. and will therefore cease using it and will shop with a competitor in
  42. future.
  44. I should also mention that I was initially impressed when first
  45. signing up some time ago that my welcome email gave my username and
  46. did not include my password but said: "Your password is known only to
  47. yourself". This gave me confidence that the software
  48. engineers understood web security, that my password was probably
  49. stored hashed and that they knew not to send passwords through an
  50. insecure, unencrypted medium such as email. Unfortunately I discovered
  51. the opposite today.
  53. Yours,
  55. Ben Clark
RAW Paste Data Copied