In a mind-boggling series of tweets, T-Mobile Austria’s social media managers have confirmed that it stores customer passwords as plain text because its security is « amazingly good ».
If you had difficulty wrapping your head around how third-party apps could access your information on Facebook so easily, you’ll probably get a migraine after reading this. It appears that T-Mobile Austria stores customer passwords in plain text in its database because its security is « amazingly good ».
In a mind-boggling Twitter thread, people who manage the T-Mobile Austria account have confirmed that customer service agents see the first four characters of a user’s password and that the whole credential is saved in the database in plain text.
This essentially means that a potentially rogue customer service agent who accesses the database can generate the remaining part of the passwords with relative ease using a brute-force method. And if there’s a data breach, the passwords will be available to the attacker in plain text. When this was explained to the T-Mobile representatives, they went on to explain how there is nothing to fear because its security is « amazingly good ».
While T-Mobile Austria customers have genuine reasons to be worried, T-Mobile CEO John Legere has clarified that the company’s US division doesn’t store passwords in plain text.
It’s currently unclear if action will be taken to secure passwords by methods such as hashing, but it’s certainly baffling to see companies defend moves such as these in this age of cybersecurity.
