I recently found out that a VPN service does not hash their customer passwords and I need professional insight on how to deal with this.

Here's how I found out:

  1. Bought a subscription on the wrong email address.
  2. Changed the password for that account because the one they provided was weak.
  3. Asked support to change the account's email address.
  4. Support changed my email, which made me receive the following email.

I have anonymized the images for obvious reasons.

[Image: email with evidence]

You can see that I had generated that exact password earlier that day. I had the console open to check the password length because I already had my suspicions. The length being exactly 30 made me double-check in my password manager.

I sent them an email but they didn't seem to understand what I meant. Looking back, I may have been too pushy about it.

What should I do?

schroeder