For those of you who aren’t British and don’t know what GCHQ is and why this is a big deal, take a look HERE
Essentially it is the government organization designed to protect us from cyber threats, the British equivalent of the NSA if you will.
So a few months ago i was looking around for some jobs to apply for. One particular one did take my interest with GCHQ, and i decided to look at the application (Didn’t apply in the end so largely irrelevant).
Turns out i already had an account here, but couldn’t remember the damn password, you would think due to such tight password requirements, but alas no. I threw my email into the forgotten your password form, to be greeted by the following.
And yes, that was my password, in plain text, tagged to the end.
Pretty shocking in my opinion, so i sent them an email on the 28th of January letting them know about this issue, but have heard nothing back.
After checking back today, almost 2 months later, this still has not been fixed so i can only assume they have ignored it.
Not really sure how we can trust somebody like that to protect us, when they are still doing stupid things like this.
For those that don’t think this matters, bear in mind the type of information you’re submitting to these online applications. Names, dates, family members information, passport numbers, housing information. With this type of information identity theft is a major concern.
Below is proof that at time of writing, this is still an issue.
This post has become quite popular and as such i request you don’t hot link the images. I have already been forced to upgrade bandwidth once and not sure i’ll be able to do it again!
Thanks for all the comments, it’s certainly been interesting reading them all on various sites.