A quick follow up on my previous article about my Gmail account being hacked.
I was trying to log in to my stumble upon account, but seemed to have the password wrong. So I submitted a “Forgot your Password” form, and received an email from stumble upon with my actual password in it. Not a password reset option, or a new randomly generated password, but my actual old password (which I thought i had already changed).
As if that alone wasn’t bad enough, when I then go and change my password they email me and tell me what the password has been changed to (in plain text of course) and state:
“Please keep this email for future reference.”
I actually messaged StumbleUpon and recommended they reconsider this method of dealing with passwords. I’m sure most people will do what they say and keep the email, and then some of them will live to regret it one day too…