Did you receive that email after registering? The controller action processing y... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

getsat on Jan 30, 2012 | parent | context | favorite | on: Virgin America Stores Your Password in Plaintext

Did you receive that email after registering? The controller action processing your request would have access to the POSTed plaintext password and could pass it right into the email template before it's sent (or queued to be sent). This doesn't mean they're storing it in plaintext.

If you request a password reset and they send back your plaintext password, then they likely are.

  Notifier.new_signup(:email => params[:email], :password => params[:password]).deliver

jamiequint on Jan 30, 2012 [–]

I got it over a year later, just cancelled a flight and got an email reminding me of the credit they set me up with. My login and password were in that email, so the above scenario does not seem like what is going on.

getsat on Jan 31, 2012 | [–]

Huh, in that case, you're probably right. Scary/disconcerting.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact