
RCN Stores Customer Passwords in Plain Text


A representative of RCN, an American telephone, cable television, and internet service provider based in Princeton, New Jersey, just revealed on Twitter that the company stores its customers' passwords in plain text.

According to the rep's tweet, "agents need to see this password to verify account ownership when certain changes are requested."

This was reported by Twitter user @lomgrim on Reddit, after he had to reopen his RCN account because he was moving to another location.

The customer service rep on the other end of the phone told him that the password for his new account was the one from his old account, and read it to him over the phone from RCN's database.

You would think that calling this a terrible security practice would be pointless. However, that might not be the case here: as stated by RCN's official Twitter account, the company does not see storing passwords in plain text as an issue while "customer security is of the highest importance."

RCN customers are advised to enable two-factor authentication wherever possible to protect themselves in case of a data breach.

This is not the first time RCN customers have reported having their passwords sent in plain text. In 2016, RCN sent one of its clients an e-mail containing, in plain text, the password needed to log in to their MyRCN account, as confirmed by a screenshot available in a post on Plain Text Offenders.

According to RCN, the company uses the plaintext-stored password to allow its service reps to verify customer accounts and as a validation method when clients ask for specific information regarding their account.

The issue here is that a plain text database of usernames and passwords not only breaches the customers' privacy, but also puts them in danger: any security breach of RCN's database can lead to other online accounts owned by the clients being compromised, especially in case of password reuse.

Until RCN decides to do the proper thing and encrypt their customers' passwords, while also finding better ways of validating your account, RCN customers can protect themselves by making sure that they never reuse passwords, by enabling two-factor authentication wherever the service is available, and by using a password manager.
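One way a provider could check account ownership over the phone without any agent seeing a password, shown as an added example that is not from the article or from RCN's systems. It stores a salted scrypt hash rather than a readable or reversibly encrypted password, and the `SupportDesk` class, the account id, the 8-digit code and its 10-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # work factors assumed for this example
CODE_TTL = 600                              # support-code lifetime in seconds (assumed)

def hash_password(password):
    """Return what the database keeps: a random salt and a slow, one-way hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "hash": digest}

def verify_password(password, record):
    digest = hashlib.scrypt(password.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(digest, record["hash"])  # constant-time comparison

class SupportDesk:
    """Hypothetical phone flow: the logged-in customer requests a one-time code
    and reads it to the agent, whose screen only ever shows pass or fail."""
    def __init__(self):
        self._codes = {}  # account -> (sha256 of code, expiry timestamp)

    def issue_code(self, account, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**8):08d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._codes[account] = (digest, now + CODE_TTL)
        return code  # displayed to the customer once, never stored in the clear

    def agent_check(self, account, spoken, now=None):
        now = time.time() if now is None else now
        entry = self._codes.pop(account, None)  # single use: any attempt burns it
        if entry is None or now > entry[1]:
            return False
        return hmac.compare_digest(hashlib.sha256(spoken.encode()).digest(), entry[0])

if __name__ == "__main__":
    record = hash_password("Tr0ub4dor&3")          # constructed sample password
    print("login ok:", verify_password("Tr0ub4dor&3", record))
    desk = SupportDesk()
    code = desk.issue_code("acct-1001")            # constructed account id
    print("agent check:", desk.agent_check("acct-1001", code))
    print("replayed code:", desk.agent_check("acct-1001", code))
```

A breach of this store yields salts, hashes and expired code digests, none of which can be read back to a caller or replayed against the customer's other accounts.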

Hello! We understand your concern. Customer security is of the highest importance to us. Agents need to see this password to verify account ownership when certain changes are requested. We will pass your feedback along. -Jackie ― RCN (@RCNconnects) September 22, 2018

