When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

T-Mobile Austria stores passwords in plain text because its security is 'amazingly good'

If you had difficulty wrapping your head around how third-party apps could access your information on Facebook so easily, you'll probably get a migraine after reading this. It appears that T-Mobile Austria stores customer passwords in plain text in its database because its security is "amazingly good".

In a mind-boggling Twitter thread, people who manage the T-Mobile Austria account have confirmed that customer service agents see the first four characters of a user's password and that the whole credential is saved in the database in plain text.

This essentially means that a potentially rogue customer service agent who accesses the first four characters can generate the remaining part of the passwords with relative ease using a brute-force method. And if there's a data breach, the passwords will be available to the attacker in plain text. When this was explained to the T-Mobile representatives, they went on to state how there is nothing to fear because T-Mobile's security is "amazingly good".

While T-Mobile Austria customers have genuine reasons to be worried, T-Mobile CEO John Legere has clarified that the company's US division doesn't store passwords in plain text.

It's currently unclear if action will be taken to secure passwords by methods such as hashing, but it's certainly baffling to see companies defend moves such as these in this age of cybersecurity.

Report a problem with article
Next Article

Master Game Development with this Pay What You Want Bundle

Previous Article

Essential knows the camera on the PH-1 was bad, but promises something better for follow-up

Join the conversation!

Login or Sign Up to read and post a comment.

40 Comments - Add comment