
plaintext passwords


JGFnXPdCXtBaWbHVTA

It's been over a year since xmaslightguy posted about being e-mailed his password.

https://forum.hentaiheroes.com/index.php?/topic/4086-password-being-stored-as-plain-text-not-secure/

And it happened to me just yesterday.

Quote

Kinkoid uses a unified system. You need to set up an account once and you can enjoy all our games. Please note, that by setting up this account, any existing and inactive Kinkoid accounts that were created with this email address will have their passwords updated to the password you've chosen here. Please keep this e-mail for your records. Your account information is as follows: E-mail: [my e-mail] Password: [my plaintext password] Nickname: grefog

For a site that expects us to trust them with our credit card numbers, this should worry every user of Hentai Heroes.

Websites can and do get breached constantly (https://en.wikipedia.org/wiki/List_of_data_breaches), so you should prepare for that happening to you too. When, and it is a when, not an if, your password database is stolen, it is only reasonable that you'd want to protect your users. You can do that by not storing information about us needlessly and protecting the information you do store in a secure fashion. I recommend you implement salted bcrypt and store only our password hashes. It's not 1970 anymore and you need to up your security game if you want to be taken seriously as a company.

So please, for the people who enjoy and support all that you do, don't leave us vulnerable when the worst happens because you think the privacy of your users can be put off for yet another year.

  • Like 6
  • Thanks 2