This is a misunderstanding. The CS agent has access to a plaintext (security question) password that can be used under special circumstances. It must be readable to function.
Toronto Hydro isn't just "a major utility company"<p>It is entirely government owned and the largest electricity provider in the province.
This is actually more commonplace than you'd think. It doesn't seem to be updated anymore, but there is a web site that listed such services:<p>https://plaintextoffenders.com/
There was this alleged Alberta AHS privacy breach:<p>https://old.reddit.com/r/alberta/comments/1c7lk3z/ahs_privacy_breach/<p>Don’t know if that went anywhere… anyone know?
Is Reddit considered a news source now? Half of the posts on the front page are made up fictional writing, and the other half are politics and repeated questions, for the purposes of karma farming.<p>How do we know that the OP of this post did not make these claims up?
I've got news for you - they aren't the only ones. Other big companies in the utilities and financial sector also do this, and even some banks.<p>Often it's a product of repeated acquisitions, where the lowest common denominator across disparate systems is some kind of text-based format.<p>That said, I'm surprised a customer service agent ostensibly had access to it.<p>From my own observations (some made during efforts to champion change), industry has gotten better over time. There shouldn't be cases anymore where salted hashes or other alternatives can't be achieved, and I'm pleased to see the public take security and privacy seriously.
I've never designed a system that needed to be secure, nor have I been tasked with breaking one, but...<p>Is plaintext really that much worse than hashed/salted/whatever storage? If the user generated a hard-to-guess password, then the user is also unlikely to reuse it. If the user generated or reused a memorable password, then it would be not too costly to guess most of them using a dictionary attack or whatever the state of the art is for guessing non-random passwords.<p>Is this just defense in depth, or deterrence, or is there something I'm missing that makes the plaintext storage really much more dangerous?
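An added example (not from any commenter here, and nothing to do with Toronto Hydro's actual systems) that contrasts plaintext storage with per-user salted slow hashing and shows what an attacker who copies the table obtains in each case; the same construction answers the earlier "security question" comment, since a normalized, salted answer can be checked by an agent without being readable. The accounts, wordlist and iteration count are constructed for the demo; PBKDF2-HMAC-SHA256 is used only because it is in the standard library.

```python
"""Compare plaintext password storage with per-user-salted slow hashing,
and show what an attacker who copies the table actually obtains.
Added example; sample accounts and wordlist are constructed for this demo."""
import hashlib
import hmac
import os
import re

# Constructed sample accounts (not real data). Note alice and carol reuse a password.
SAMPLE_ACCOUNTS = {
    "alice": "Summer2024!",
    "bob": "correct horse battery staple",
    "carol": "Summer2024!",
}

# Constructed stand-in for a cracking dictionary.
SAMPLE_WORDLIST = ["password", "Summer2024!", "letmein", "hydro123"]

# PBKDF2-HMAC-SHA256 is used here only because it ships in the standard library;
# the iteration count is kept low so the demo runs quickly. Production systems
# should use a memory-hard KDF (argon2id, scrypt) or far higher iteration counts.
ITERATIONS = 50_000


def kdf(secret: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, deliberately slow one-way hash of a secret."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)


def store_plaintext(accounts: dict) -> dict:
    """The 'plaintext offender' design: the table *is* the password list."""
    return dict(accounts)


def store_hashed(accounts: dict, iterations: int = ITERATIONS) -> dict:
    """Store (salt, iterations, digest) per user, with a fresh random salt each time."""
    table = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        table[user] = (salt, iterations, kdf(password, salt, iterations))
    return table


def verify(table: dict, user: str, candidate: str) -> bool:
    """Login check against the hashed table; no plaintext is ever read back."""
    salt, iterations, digest = table[user]
    return hmac.compare_digest(digest, kdf(candidate, salt, iterations))


def breach_plaintext(table: dict):
    """Attacker copies the table: every password for every user, zero guesses."""
    return dict(table), 0


def breach_hashed(table: dict, wordlist: list):
    """Attacker must run the KDF once per (user, guess). Per-user salts mean
    work done on alice cannot be reused on carol even though they share a
    password, and a passphrase absent from the wordlist is not recovered."""
    recovered, guesses = {}, 0
    for user, (salt, iterations, digest) in table.items():
        for word in wordlist:
            guesses += 1
            if hmac.compare_digest(digest, kdf(word, salt, iterations)):
                recovered[user] = word
                break
    return recovered, guesses


def duplicates_visible(table: dict) -> bool:
    """Can an observer tell that two users share a password just by looking?
    Plaintext: yes. Salted hashes: no (identical passwords hash differently)."""
    stored = [v if isinstance(v, str) else v[2] for v in table.values()]
    return len(stored) != len(set(stored))


def normalize_answer(answer: str) -> str:
    """Security-question answers get the same treatment as passwords once
    normalized (case, punctuation, spacing), so an agent can check an
    answer without being able to read it."""
    return re.sub(r"[^a-z0-9]+", " ", answer.lower()).strip()


def store_answer(answer: str, iterations: int = ITERATIONS) -> tuple:
    salt = os.urandom(16)
    return salt, iterations, kdf(normalize_answer(answer), salt, iterations)


def verify_answer(record: tuple, candidate: str) -> bool:
    salt, iterations, digest = record
    return hmac.compare_digest(digest, kdf(normalize_answer(candidate), salt, iterations))


if __name__ == "__main__":
    plain = store_plaintext(SAMPLE_ACCOUNTS)
    hashed = store_hashed(SAMPLE_ACCOUNTS)
    print("plaintext breach:", breach_plaintext(plain))
    print("hashed breach:   ", breach_hashed(hashed, SAMPLE_WORDLIST))
    print("duplicates visible? plaintext:", duplicates_visible(plain),
          "hashed:", duplicates_visible(hashed))
```

The point the code makes: against the plaintext table the attacker gets everything, including bob's strong passphrase, with no work at all; against the hashed table the attacker pays one KDF evaluation per user per guess, recovers only passwords that are in the dictionary, and cannot even see that alice and carol share one. That is the "something you're missing": hashing does not protect weak passwords much, but it fully protects strong ones and multiplies the cost of attacking the weak ones by the work factor.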
This is bad for anyone who recycles passwords. Most everyone I guess.<p>I’m sure they aren’t the only company to do so.<p>I don’t think having an online account with your utility provider is required or smart. Good old postal mail is the way.
The thing is probably running on decades-old code that makes common security practices (like storing only salted hashes of passwords) hard.<p>I wouldn't be surprised if there's code in there written in old-style mainframe COBOL or even (gasp) RPG.<p>Sigh.
Why is this a big deal? Hiring a contractor is 100% more insecure than this. I’m not recommending you do it, but it’s basically just people celebrating they know how to do this, but it’s actually never been exploited once in human history. Yet big brain security people trust contractors to write code and nobody bats an eye.