SuperProf private tutor site massively fails password test, makes accounts super easy to hack

“This isn’t super. The level of incompetence is astonishing”

“SuperProf, which claims to be ‘the world’s largest tutoring network’, has made its newest members’ passwords utterly predictable… leaving them wide open to hackers.” Each temporary password was the person’s first name with the word “Super” in front of it.

SECURITY HINT: If a site you signed up for ever sends you a password via email, CHANGE THAT PASSWORD IMMEDIATELY! And if they send you THAT password in a confirmation email, let them know in no uncertain terms that this practice is unacceptable.

We had exactly that happen with the ‘service’ our son’s school used to collect *personal financial data* for scholarship applications. We contacted them and threatened to contact the Attorney General. Though it took them longer than we would have liked, they did rewrite that part of their site so that it now behaves in a much more secure manner. (They also fired the person responsible.) Don’t be afraid to make a fuss!
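For site operators, the fix for both problems above (a temporary password derived from the user's name, and any password sent by email) is to email a random, single-use, expiring link and let the user choose the password. The Python sketch below is an added example, not code from SuperProf or from the article; the class and function names and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a set-password link


def predictable_temp_password(first_name):
    """Weak scheme from the article: the word 'Super' before the first name."""
    return "Super" + first_name


class SetPasswordTokens:
    """Hypothetical helper: single-use, expiring tokens instead of emailed passwords."""

    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be tested
        self._pending = {}   # user_id -> (SHA-256 of token, expiry time)

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        # Only the hash is stored, so a leaked table does not reveal live tokens.
        self._pending[user_id] = (digest, self._now() + TOKEN_TTL_SECONDS)
        return token  # goes into the emailed link, never a password

    def redeem(self, user_id, token):
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, expiry = entry
        if self._now() > expiry:
            del self._pending[user_id]  # expired tokens are discarded
            return False
        candidate = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return False
        del self._pending[user_id]  # single use: gone after first success
        return True


if __name__ == "__main__":
    tokens = SetPasswordTokens()
    link_token = tokens.issue("user-1")  # constructed sample user id
    print("weak:", predictable_temp_password("Alice"))
    print("name-derived guess accepted:", tokens.redeem("user-1", "SuperAlice"))
    print("emailed token accepted:", tokens.redeem("user-1", link_token))
    print("token reusable:", tokens.redeem("user-1", link_token))
```
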

Full article:
