11 January 2016

RateMyProfessors.com data breach: Here's what is known so far

On Monday, the website RateMyProfessors.com sent an email notifying its registered users about a data breach. This is what we have so far:

1. A decommissioned website was still online and vulnerable to some exploit.
2. The passwords were apparently stored in the clear.
3. In addition to the notification email, the front page of the website has a tiny banner in the bottom left corner to notify its users of the breach.

Here's the text of the notification email:






Notice that the language of the notification refers to "passwords." Not encrypted passwords. Not password hashes. Just passwords. In the clear? Really? If true, this is not good for them.

Here's a screenshot of the front page of the website. This is how Rate My Professors is choosing to notify visitors about its data breach:


No red arrow, of course. Just cute cat pictures and a very small red banner notice that could very easily be overlooked.

How many affected users? No numbers yet. All registered users, potentially.