Plaintext Offender : BidVertiser

If you have an account with BidVertiser, your password is stored in plain text and emailed back to you when you request it. This also means customer service can look up your account and get your password.

I informed them of this and their response was:

Done by: Customer Service, Publishers & Referral
Status: Closed
Action Date: Monday, 07/04/2011 03:30 PM
Respond:
Dear Travis,

The option to include login information in our contact emails is available through your control panel, through Account Management – Edit Profile. I have disabled the option for you.

Best Regards,
BidVertiser Support Team

To which I replied:

Done by: customer
Status: Follow Up
Action Date: Monday, 07/04/2011 02:03 PM
Customer Comment:
You’ve missed the point. Passwords are not to be stored in plain text and emailed out to your users over insecure connections. Passwords should be reset, not sent. If someone were to get into your database without your knowledge, they would also be able to compromise each account without any sort of password attack, since you guys would just show the passwords to them.

We’ll see if they even care.

### edit ###

Response:

Dear Travis,

Noted.

Best Regards,
BidVertiser Support Team

###

I guess they do not care.
