this post was submitted on 28 Sep 2023
312 points (75.6% liked)

Games

32518 readers
1918 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 1 year ago
MODERATORS
 

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments
[–] Mirodir@discuss.tchncs.de 23 points 1 year ago (1 children)

...and if they keep the emails they send out archived (which would be reasonable), they also have it stored in plaintext there.

[–] Thadrax@lemmy.world 0 points 1 year ago (1 children)

Automatically generated emails usually don't get saved.

[–] glitches_brew@lemmy.world 11 points 1 year ago (2 children)

As the designated email dev at my company I can confidently say this is not true.

Not saying that this specific email is persisted, but almost all that I work with are. It's a very common practice.

[–] Rambomst@lemmy.world 3 points 1 year ago

Yeah, we save most emails sent out at my work.

[–] tocopherol@lemmy.dbzer0.com 1 points 1 year ago (1 children)

I wonder how much this varies depending on the amount of data it would require to store the emails of a company. I know nothing about this subject, but does it occur where companies with very large email lists would forgo storing those types of emails to save data costs?

[–] glitches_brew@lemmy.world 2 points 1 year ago

In my experience it varies a lot. Even in our own system certain emails are stored differently. There are a few "we legally have to deliver this email and might need to prove it later" notifications. We store a PDF of those in s3. For others we might just save the data, a sent timestamp, and a key for which email visual template was used.

I also thought of a counter argument to my point overnight. We don't store one super duper high volume email which is the email that only has an MFA code. We would also absolutely never ever dream about allowing a plaintext password in an email, so we're probably following different patterns in the first place.