AutoCrit is Storing Your Password in Plaintext
The book editing service AutoCrit.com is storing its users' passwords in plaintext.
When you ask to 'reset' your password, they send you your actual password in plaintext:
Why is this bad?
A website storing a password in plain text means that your password is there, waiting for someone to come and take it. It doesn’t even matter if you’ve created the strongest possible password. It’s just there.
Someone could take it by hacking into their servers, exploiting a simple flaw in their site, or even stealing their backups. Over 30% of sites store plain text passwords.
I notified them of this urgent issue on the 10th August and they brushed off my concerns, just resetting my password and sending it to me again:
I also sent a tweet out to get the warning out there and make sure this gets fixed as soon as possible:
@plntxtoffenders @omervk @hmemcpy @avienzur Just sent another report your way. https://t.co/YIICvMgUR0 (@EditingWizard) sent me my existing password in plaintext. Warned them about this but they brushed aside my concerns. Please fix this gaping security hole! — Jonathan Baldie (@jonbaldie) 2 September 2018
Please share this so that AutoCrit sort out their security procedure! We need to name and shame websites into taking their users' security seriously.
For further information: http://plaintextoffenders.com/faq/devs
Posted on: 2nd September, 2018