Comments on: Match.com just sent me an email containing my password in plain text! /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/ A place for my thoughts when I was starting to break into the information security feild Wed, 30 Oct 2024 17:15:23 +0000 hourly 1 https://wordpress.org/?v=6.6.2 By: Steven /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/#comment-4313132 Sat, 18 Apr 2015 21:07:16 +0000 /?p=228#comment-4313132 I just signed-up for match.com and guess that was included in an email from them: My password, in plaintext!

]]> By: Nathan /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/#comment-163273 Sat, 16 Aug 2014 14:29:03 +0000 /?p=228#comment-163273 Yikes this is pretty bad. It’s almost 2 years later and they’re still doing it! I clicked forgot password and bam, plaintext password sent to me in my email.

They don’t even verify emails! This is just ridiculous

]]> By: Graeme Robinson /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/#comment-153121 Mon, 28 Jul 2014 16:26:27 +0000 /?p=228#comment-153121 In reply to Bradford C. Vokey.

I think maybe it’s time to escalate. Perhaps @SamYagan (CEO of Match.com) might be worth contacting…

Update:Tweeted him: https://twitter.com/Grezzo82/statuses/493796324048117760

]]> By: Bradford C. Vokey /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/#comment-145038 Mon, 07 Jul 2014 19:24:24 +0000 /?p=228#comment-145038 It is even worse, much worse, than you have thought…

Match.com does not ‘verify’ your email before they use it and store it in your account.

We (as owners of the domain ‘matchmake.com’) have been receiving email from their servers with private log-on information (and much more) because people (for some reason) have been entering their email addresses using our domain by mistake. Match.com happily accepts it even though they have NO access to it and never verified it and blindly gives anyone with access to the mistyped email address FULL access to their Match.com account.

At first we thought it was just some fake robot accounts being set-up with random email addresses – but it is not. These accounts have fully registered credit cards in their profiles and are fully active subscriptions.

Pretty lame Match.com, pretty lame.

We are debating what we should do about it and the 707 emails we have received from them in just the last 5 months…

]]> By: Danny /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/#comment-132395 Sun, 01 Jun 2014 23:49:22 +0000 /?p=228#comment-132395 Well I’ve just requested a password reset today and yes: Plaintext. Nothing appears to have changed 17 months after your initial report.

]]> By: Anonymous /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/#comment-101111 Sat, 15 Mar 2014 20:41:42 +0000 /?p=228#comment-101111 This problem is still not fixed. If they can’t protect your password, I guarantee they cannot protect your privacy from other members.

]]> By: Andrew /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/#comment-194 Mon, 17 Jun 2013 23:58:31 +0000 /?p=228#comment-194 / This has not been fixed and I don’t see the issue being resolved anytime soon, I’ve also updated the post at http://plaintextoffenders.com/

]]> By: Scott /match-com-just-sent-me-an-email-containing-my-password-in-plain-text/#comment-193 Sat, 15 Jun 2013 14:13:25 +0000 /?p=228#comment-193 I just asked to reset my password today and they instead emailed me my password. No, nothing changes after what appears 6 months since your post/experience

]]>