I've just found my username and password in a URL in my web history, after editing my account details with a major UK ISP.<p>Give me some perspective - how bad is this, and how seriously should they be taking it?
What exactly is happening there if you log into your account? Is it the case that there is no https (instead of http) and the username and password are transmitted as parameters like this:<p>http : // some.example.com/login.php?username=someuser&password=ultrasecret<p>Then your username and password can be captured by any computer between your browser and the website you were trying to log in. This should not be happening anymore today, it is very insecure.
I'd definitely report it and switch ISPs if it wasn't fixed in short order. Even if it was an account to something I didn't really care all that much about like controlling my DVR.