1

I was reading this question that mentions plaintextoffenders - I was unaware of this site before and checked it out. I noticed that many of the entries on the list are from 2011 (all the ones I checked which is much less than the 5000+ total).

There's a "reformed" section but the offender list is a lot longer, with a few sites that I haved used in the past. The entries that I checked only have a single post to them with a screenshot of showing the issue but nothing more.

Is it known that the list on Github is still valid (that is, entries on the offender list are still known offenders, even though their only entry is from 2011)? (The list itself was recently updated with new additions.)

xxbbcc
  • 172
  • 6
  • maybe http://plaintextoffenders.com/submit – w33haa Mar 28 '19 at 19:47
  • @w33haa What do you mean by that? My question is about whether all current offenders are still known to be offenders today (after them being reported in 2011). I read through the Submit page but it doesn't talk about this. – xxbbcc Mar 28 '19 at 20:53
  • 1
    It seems like it's entirely driven by user submitted reports. The company may have fixed it but not gotten updated, or it may still be a problem. You may wish to directly inquire with any company that's still on the list to see if they may want to submit a request to be moved to the reformed section. – Daisetsu Mar 28 '19 at 21:08
  • 1
    @Daisetsu ok, thank you - that was my thinking, too; I just wanted to see if there was better information available. Basically the records are good to say at one point this site was unsecure but it may have changed since then. – xxbbcc Mar 28 '19 at 21:13
  • @Daisetsu If you put that in as an answer, I'll accept it - it makes sense. – xxbbcc Mar 29 '19 at 15:27

1 Answers1

2

The plaintextoffenders.com list is built from user submitted reports along with screenshots censoring sensitive data.

The FAQ says they rely on their community to contact companies. They also rely on companies contacting them to be removed from the list if they think they are listed in error, or if the issue has been corrected.

The validity of the claims could be somewhat dependent on how old the report is. It's possible that the company has since updated their security but not submitted a request to plaintextoffenders to be removed.

If you are thinking of using a company listed, you can always contact them yourself and ask if the situation has been resolved.

Daisetsu
  • 5,120
  • 1
  • 15
  • 24