GCHQ Shamed Over Plain Text Password Emails

By Gary Cutlack

The UK's security agency has committed the ultimate modern tech crime of sending out password reminders in plain text format, with a GCHQ job applicant seeing his password reminders arrive in shameful, zero-security, pasted-in-an-email style.

The discovery was made by potential spy Dan Farrall, who applied for a job with GCHQ a couple of months ago. When applying he realised he had an account but couldn't remember the password -- so asked for a reminder. Which then arrived as plain text in the body of an email. A big no-no, especially for a sensitive government agency.

Dan then mailed GCHQ to alert them to this potential security hole, as any good amateur IT man would. However, two months later, and with no reply coming back, he had another look and found plain text reminders were still being issued. So GCHQ either doesn't know, doesn't care, or can't be bothered fixing it.

While we have no way of knowing if the plain text blunder only applies to users of its recruitment mini-site, seeing the nation's supposed gatekeeper make such an enormous technical faux pas doesn't exactly instil confidence in its abilities to secure the country's other, more critical, IT systems. [Dan Farrall via The Register]