T-Mobile Stores Part of Customers’ Passwords In Plaintext, Says It Has ‘Amazingly Good’ Security
The company admitted on Twitter that it stores at least part of its customers’ passwords in plaintext. This is a big no-no in this day and age because if anyone breaches T-Mobile (and companies are breached all the time), they could likely guess or brute-force every user’s password. If the passwords were fully encrypted or hashed, it wouldn’t be that easy.
But having a portion of the credential in plaintext reduces the difficulty of recovering the hashed part and obtaining the whole password.
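To put a number on that loss, the following added example (not code from T-Mobile or from the original article) compares a hash-only record with one that also keeps some leading characters in plaintext. The four-character prefix, the PBKDF2 parameters, and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 10_000  # assumption: kept low so the demo runs quickly; production values are far higher

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str, exposed: int) -> dict:
    """Stored credential: salted hash plus `exposed` leading characters kept in plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": kdf(password, salt), "prefix": password[:exposed]}

def residual_bits(length: int, alphabet: int, exposed: int) -> float:
    """Guessing work (bits) left for a uniformly random password once `exposed` characters are known."""
    return max(length - exposed, 0) * math.log2(alphabet)

def hash_checks_needed(record: dict, candidates: list[str]) -> int:
    """KDF evaluations spent before a candidate list confirms the password (or is exhausted)."""
    checks = 0
    for cand in candidates:
        if not cand.startswith(record["prefix"]):
            continue  # rejected by a free string comparison, no hashing cost
        checks += 1
        if hmac.compare_digest(kdf(cand, record["salt"]), record["hash"]):
            break
    return checks

# Constructed sample data, not real credentials.
CANDIDATES = ["winter2024", "sunshine1", "summer2023", "sunflower9",
              "password1", "sunset2022", "dragon123", "sunrise77"]
SECRET = "sunset2022"

def demo() -> tuple[int, int]:
    """Return (checks against hash-only record, checks against record with a 4-char plaintext prefix)."""
    hashed_only = make_record(SECRET, exposed=0)
    with_prefix = make_record(SECRET, exposed=4)
    return (hash_checks_needed(hashed_only, CANDIDATES),
            hash_checks_needed(with_prefix, CANDIDATES))

if __name__ == "__main__":
    print("KDF evaluations (hash only, hash + prefix):", demo())
    print("bits left, 10 chars over 62 symbols:",
          round(residual_bits(10, 62, 0), 1), "vs", round(residual_bits(10, 62, 4), 1))
```

The slow hash is supposed to make every guess expensive, but the plaintext prefix lets most guesses be discarded before any hashing happens, which is why storing the whole credential only as a salted, slow hash matters.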