A year ago, I wrote about Plain Text Offenders a website dedicated to naming and shaming Web sites that store their user’s passwords in plain text. Sadly, the Website has recently celebrated their 1000th post. Think about that for a moment. One thousand Websites storing passwords in plain text. No salting. No hashing. Just your password (and presumably other credentials) in plain text.
This would be merely bad if it exposed user accounts only on the offending site. Unfortunately, too many users reuse their passwords so multiple accounts are at risk making this transgression really bad. But the news is not all bad: seven (!) sites have reformed their ways and been removed from the list. I’m sure that will make you feel better.
Keep in mind that this is not merely some pointy haired boss with no clue doing this. This code is being written by developers who should know better. There really is no excuse.