{"id":25698,"date":"2019-02-25T16:44:42","date_gmt":"2019-02-25T16:44:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29863\/Utility-Customers-Passwords-Stored-In-Plain-Text.html"},"modified":"2019-02-25T16:44:42","modified_gmt":"2019-02-25T16:44:42","slug":"utility-customers-passwords-stored-in-plain-text","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/","title":{"rendered":"Utility Customers&#8217; Passwords Stored In Plain Text"},"content":{"rendered":"<aside id=\"social-left\" aria-label=\"Read the comments or share this article\">\n<h4 class=\"comment-count-before\"><a title=\"100 posters participating, including story author\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/tech-policy\/2019\/02\/plain-wrong-millions-of-utility-customers-passwords-stored-in-plain-text\/?comments=1\">reader comments<\/a><\/h4>\n<p><a title=\"100 posters participating, including story author\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/tech-policy\/2019\/02\/plain-wrong-millions-of-utility-customers-passwords-stored-in-plain-text\/?comments=1\"><span class=\"comment-count-number\">216<\/span> <span class=\"visually-hidden\">with 100 posters participating, including story author<\/span><\/a><\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/div>\n<\/aside>\n<p>In September of 2018, an anonymous independent security researcher (who we&#8217;ll call X) noticed that their power company&#8217;s website was offering to email\u2014not reset!\u2014lost account passwords to forgetful users. Startled, X fed the online form the utility account number and the last four phone number digits it was asking for. Sure enough, a few minutes later the account password, in plain text, was sitting in X&#8217;s inbox.<\/p>\n<p>This was frustrating and insecure, and it shouldn&#8217;t have happened at all in 2018. But this turned out to be a flaw common to websites designed by the Atlanta firm <a href=\"https:\/\/www.sedata.com\/our-solutions\/cyber\/\">SEDC<\/a>. After finding SEDC&#8217;s copyright notices in the footer of the local utility company&#8217;s website, X began looking for more customer-facing sites designed by SEDC. X found and confirmed SEDC&#8217;s footer\u2014and the same offer to email plain-text passwords\u2014in more than 80 utility company websites.<\/p>\n<p>Those companies service 15 million or so clients (estimated from GIS data and in some cases from PR brags on the utility sites themselves). But the real number of affected Americans could easily be several times that large: SEDC itself\u00a0<a href=\"https:\/\/www.sedata.com\/about\/\">claims that more than 250 utility companies<\/a> use its software.<\/p>\n<div class=\"gallery shortcode-gallery gallery-wide\">\n<ul>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/Screenshot-from-my.ycnga_.com-cropped-150x150.png\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/Screenshot-from-my.ycnga_.com-cropped.png\" data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/Screenshot-from-my.ycnga_.com-cropped.png 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/Screenshot-from-my.ycnga_.com-cropped.png 2560\" data-sub-html=\"#caption-1453003\">\n<div class=\"caption\">Please don&#8217;t email me my password. Better yet, please explain why you can email me my password in the first place!<\/div>\n<\/li>\n<li data-thumb=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/yourpassword-redacted-150x150.png\" data-src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/yourpassword-redacted.png\" data-responsive=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/yourpassword-redacted-980x349.png 1080, https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/yourpassword-redacted.png 2560\" data-sub-html=\"#caption-1453027\">\n<div class=\"caption\">Yep, that&#8217;s a password emailed in plain text, all right.<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<p>Most of the information in this story came to Ars directly from X, who was frustrated with the extreme indifference of the companies involved after several months of continued effort to work with them. I confirmed the technical details of X&#8217;s claims by examining many of the affected sites myself, and by reviewing X&#8217;s communications with their own utility company and with SEDC. EFF Senior Information Security Counsel\u00a0<a href=\"https:\/\/www.eff.org\/about\/staff\/nate-cardozo\">Nate Cardozo<\/a>\u00a0(who will famously be leaving to <a href=\"https:\/\/arstechnica.com\/tech-policy\/2019\/01\/facebook-just-hired-a-handful-of-its-toughest-privacy-critics\/\">help WhatsApp clean up its privacy issues<\/a>) and EFF attorney\u00a0<a href=\"https:\/\/www.eff.org\/about\/staff\/jamie-williams\">Jamie Williams<\/a>\u00a0have been advising X concerning legal and ethical disclosure responsibilities during the entire process\u2014because even today, the threat of legal action may come before a potentially flawed company offers anything resembling thanks or takes the necessary steps towards better security hygiene.<\/p>\n<p>Ars reached out to X&#8217;s utility company and to Mark Cole (SEDC&#8217;s General Counsel), but we received no response from either.<\/p>\n<h2>Plain-text passwords<\/h2>\n<p>X did not attempt to discover any direct exploits into any of the utility firms or into SEDC&#8217;s own payment site. There&#8217;s no smoking gun here that says &#8220;somebody can just grab all these passwords and run.&#8221; That said, website compromises are much like entropy: <a href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_data_breaches\">they trend toward the maximum<\/a>. Once a website is breached, the first thing attackers do is to dump the password database.<\/p>\n<p><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/SEDC-cyber-security-is-a-process.png\" class=\"enlarge\" data-height=\"974\" data-width=\"1453\" alt=\"Cyber security is a process\u2014but that process does not include unencrypted password storage.\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/SEDC-cyber-security-is-a-process-640x429.png\" width=\"640\" height=\"429\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/SEDC-cyber-security-is-a-process-1280x858.png 2x\" alt=\"Cyber security is a process\u2014but that process does not include unencrypted password storage.\"\/><\/a><\/p>\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/SEDC-cyber-security-is-a-process.png\" class=\"enlarge-link\" data-height=\"974\" data-width=\"1453\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Cyber security is a process\u2014but that process does not include unencrypted password storage.<\/div>\n<p>This isn&#8217;t generally necessary to access accounts on the compromised site itself; once you&#8217;ve got root in the infrastructure, odds are pretty good you can already do whatever you&#8217;d like in that site. But what makes those user passwords so valuable is their use as pivot points.<\/p>\n<p>Most users, unfortunately, re-use passwords between different websites and Internet-accessible accounts with wild abandon. They may change it up a little bit\u2014add a number on the end here, stick a special character in the middle there\u2014but this doesn&#8217;t actually add a significant degree of security. Modern penetration tools (like <a href=\"https:\/\/www.sans.org\/reading-room\/whitepapers\/testing\/fuzzing-approach-credentials-discovery-burp-intruder-33214\">Burp Intruder<\/a>) automatically &#8220;fuzz&#8221; passwords as necessary when the attacker attempts to use them to access other, more valuable resources.<\/p>\n<p>These exploitable resources include just about anything from which you can make money; eBay accounts, Amazon accounts, even <a href=\"https:\/\/www.pandasecurity.com\/mediacenter\/news\/how-to-obtain-thousands-world-of-warcraft-accounts-for-free\/\"><em>World of Warcraft<\/em> accounts<\/a> are popular targets for an attacker looking to make a quick buck. Even more worryingly, if a user re-used their email password (or some variant thereof) to log into the compromised website, the attacker can leverage access to the user&#8217;s email account to reset the passwords to just about anything else the user accesses online.<\/p>\n<p>This is romper-room security stuff for 2008, let alone 2018. Arguably, the utility firms that contracted with SEDC for billing software and services are large enough\u2014and responsible for enough customers&#8217; data\u2014that they should be aware of and diligent about this kind of problem themselves. In reality, most companies are an awful lot like end users: they don&#8217;t know, or care, as much about security as the typical Ars Technica reader might like.<\/p>\n<blockquote class=\"large\">\n<div class=\"pullquote-content\">In 2019, it&#8217;s ridiculous that vendors are replying to security researchers via general counsel, not a bug bounty\u00a0program.<\/div>\n<div class=\"pullquote-attribution\"><span>Nate Cardozo, Senior Information Security Counsel, EFF<\/span><\/div>\n<\/blockquote>\n<p>If you find yourself wondering\u2014&#8221;What&#8217;s so bad about storing passwords as plaintext?&#8221;\u2014it comes down to this: passwords are among the most important data assets any organization has. In much the same way, companies get fire insurance with the hope they&#8217;ll never use it, organizations must have robust hashing regimens to protect passwords in the event there is ever a breach. This point has come up on Ars again and again over the years, and it&#8217;s explained well by password cracking expert Jeremi Gosney <a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/06\/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords\/?comments=1&amp;post=29209515\">in this story about a 2015 hack against LastPass<\/a>:<\/p>\n<blockquote>\n<p>If we could trust computers to keep secrets a secret, then we wouldn\u2019t have to worry about protecting sensitive data at rest. But we can\u2019t, so we do. Password databases can be compromised through a myriad of vectors\u2014up to and including physical theft\u2014and you have to plan for the eventuality that your database will be compromised. How you protect the data in the database is what really matters, and this is precisely why we have password hashing, and this is also why the threat model for password hashing starts with a compromised password database. Think of password hashing as an insurance policy. The stronger the password hashing is, the more time you buy for yourself and your users in the event of a breach: time to identify and contain the breach, time to notify your users, and time for your users to update their passwords.<\/p>\n<\/blockquote>\n<p>What about SEDC? No company that bills itself as <a href=\"https:\/\/www.sedata.com\/our-solutions\/cyber\/\">&#8220;cyber security experts&#8221;<\/a>\u00a0should need the security implications of plain-text password storage explained to them. This software shouldn&#8217;t have been written this way in the first place, and the response to the disclosure of this vulnerability should have been rapid, courteous, and sincere\u2014not a protracted, hostile back-and-forth with legal counsel.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29863\/Utility-Customers-Passwords-Stored-In-Plain-Text.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":25699,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[5941],"class_list":["post-25698","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineprivacyflawpassword"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Utility Customers&#039; Passwords Stored In Plain Text 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Utility Customers&#039; Passwords Stored In Plain Text 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-25T16:44:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/utility-customers-passwords-stored-in-plain-text.png\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"429\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Utility Customers&#8217; Passwords Stored In Plain Text\",\"datePublished\":\"2019-02-25T16:44:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/\"},\"wordCount\":1096,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/utility-customers-passwords-stored-in-plain-text.png\",\"keywords\":[\"headline,privacy,flaw,password\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/\",\"name\":\"Utility Customers' Passwords Stored In Plain Text 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/utility-customers-passwords-stored-in-plain-text.png\",\"datePublished\":\"2019-02-25T16:44:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/utility-customers-passwords-stored-in-plain-text.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/02\\\/utility-customers-passwords-stored-in-plain-text.png\",\"width\":640,\"height\":429},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/utility-customers-passwords-stored-in-plain-text\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,privacy,flaw,password\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineprivacyflawpassword\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Utility Customers&#8217; Passwords Stored In Plain Text\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Utility Customers' Passwords Stored In Plain Text 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/","og_locale":"en_US","og_type":"article","og_title":"Utility Customers' Passwords Stored In Plain Text 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-02-25T16:44:42+00:00","og_image":[{"width":640,"height":429,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/utility-customers-passwords-stored-in-plain-text.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Utility Customers&#8217; Passwords Stored In Plain Text","datePublished":"2019-02-25T16:44:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/"},"wordCount":1096,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/utility-customers-passwords-stored-in-plain-text.png","keywords":["headline,privacy,flaw,password"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/","url":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/","name":"Utility Customers' Passwords Stored In Plain Text 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/utility-customers-passwords-stored-in-plain-text.png","datePublished":"2019-02-25T16:44:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/utility-customers-passwords-stored-in-plain-text.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/utility-customers-passwords-stored-in-plain-text.png","width":640,"height":429},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/utility-customers-passwords-stored-in-plain-text\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,privacy,flaw,password","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineprivacyflawpassword\/"},{"@type":"ListItem","position":3,"name":"Utility Customers&#8217; Passwords Stored In Plain Text"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/25698","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=25698"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/25698\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/25699"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=25698"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=25698"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=25698"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}