Internet and cable service provider RCN was caught storing its usernames and passwords in plain text format after a user contacted the company’s support staff in the weekend. Twitter user Lomgrim revealed that he contacted the RCN support staff and a representative was able to pull his 26-character random password generated using KeePass. The support staff was able to see the password without even verifying the identity of the owner.
Lomgrim made a Reddit post revealing the whole experience with the support staff. Other users also claimed that they had a similar experience in the past. The support staff also does not see any issues with having passwords stored in plain text form. The ISP responded to the issue stating "RCN takes all our customer inquiries, concerns and feedback very seriously. We are looking into this matter; we are in contact with the customer and are gathering all the pertinent information.”
@rosshettel RCN reps have access to your webmail password and MyRCN password in case you were to ever forget them. -Jackie
— Astound Broadband (@astoundconnects) February 21, 2014
RCN’s decision to store passwords without any form of security can lead to data breaches. With other companies being found guilty of not securing private data of users, the ISP sees no problem at all with relaying passwords to anyone who calls without verifying their identity. It can lead to not only cybercriminals attempting to steal the unsecured passwords, but also stalkers can initiate calls and steal passwords of their victims.
Moreover, RCN tech support also allows anyone to modify their billing details or security question and answer over the phone without even requiring their old password. After an investigation, news outlets reveal that this has been a trend at the ISP for four years. All customer support representatives have access to personal data in case users forget their passwords according to a tweet from the official RCN account in 2014.
What do you think about RCN’s lack of security? Let us know in the comments below. Also, don’t forget to follow us on Facebook and Twitter. Thanks!