PhotoBox sorry after email "screw up"
By Nicole Kobie
Posted on 9 Aug 2010 at 17:25
PhotoBox has apologised for sending customers email marketing messages with user names and passwords in plain text.
The photo printing site apparently sent the emails to customers who haven't ordered for a while, raising security concerns by including unencrypted password details.
Some customers took to Twitter to complain about the email. "I was just emailed my password in plain text by PhotoBox, when I didn't request it," asked one customer. "Does that mean they also store them unencrypted?"
Another echoed those thoughts: "Surprised that PhotoBox send out random emails with account passwords in plain text, front and centre. Not great security practice, surely?"
Over on Facebook one user said: "I just closed my account with you guys because you sent me my password in plain text. That is incredibly bad security."
On the PhotoBox Twitter feed, the firm apologised: "We really screwed up today and we're really sorry. It will never happen again and we're genuinely sorry for letting some of you down."
From around the web
So what?
What am I going to do with your Photobox id & pw? Send in my photos and get them sent to your house? I doubt this compromises payment / your card details.
As usual some people have reacted as if it's the end of the world. It's careless but Photobox have apologised and there's no harm done.
JH
By JohnHo1 on 9 Aug 2010 
Jlbrad
I got sent my u/name & password - agreed careless but actually ended up being useful... I went back on to Photo Box and ordered all my recent travel snaps... Cant wait for my Photobook.
By jldeaks on 9 Aug 2010
Excellent opportunity to close my account. They've got brownie points from me just allowing you to do that. But I'm afraid I just don't use them anymore, and I'd completely forgotten about my account. This was the proverbial last straw.
By c6ten on 9 Aug 2010
Password security is important
JohnHo1 says, so what?
It is well known that rightly or wrongly, a lot of people use the same password for different websites, and some people, even for banking sites, so revealing passwords by email, or having unencripted passwords stored on any system, is not acceptable.
By giltbrook on 10 Aug 2010
Can store passwords but not your photo credits?
I stopped using them when they introduced a time limit on their photo credits in order to screw more out of their customers.
If they can store my username and password for three years, I see no reason why they cant store an integer to hold the number of credits I have paid them for but not used!
By Fraz_pro on 10 Aug 2010
That's strange!
Is this the same company that the current PC Pro gave a 5 star review and described as "a great all round service"?
By ironbath on 10 Aug 2010
Can store passwords but not your photo credits?
I stopped using them when they introduced a time limit on their photo credits in order to screw more out of their customers.
If they can store my username and password for three years, I see no reason why they cant store an integer to hold the number of credits I have paid them for but not used!
By Fraz_pro on 10 Aug 2010
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk