Security researcher warns of power company customers' passwords being stored in the clear, software provider responds with lawyer-letter

Years ago I used to use a unique email address for each account I accessed.
It is easy if you have your own domain and can forward everything to a single email address.
I did this to see if any of them ended up in the hands of spammers. That way I could just change the problematic one and be done with it.

I stopped doing this after finding that spammers were not getting my unique email addresses and it was a big waste of time.

Now I have started doing this again, but for another reason of course.
Yeah I have different passwords, but each account I have uses a unique email address again.


“Let’s all give Mark Cole a big hand for agreeing to demonstrate ‘lawful evil with passive aggressive characteristics’ for us. He did a great job!”


…because this was not prohibited by PCI-DSS, …there was no problem.

It’s also not prohibited for me to ground the hot side of the nearest substation. That doesn’t make it a good idea!


SEDC is going to be SO screwed when their data is stolen. That’s a when, not an if. Their customers’ lawyers can simply show this exchange to demonstrate SEDC’s complete indifference to data security.


because this was not prohibited by PCI-DSS, an industry regulation governing storage of customer billing information…there was no problem

So what you’re saying is that we need new regulations that force companies to use security best practices or face some sort of consequence for not doing so. And you’re not going to complain when these regulations are enacted, right? Claiming that they stifle job growth, discourage innovation, and cause cancer?

I’m glad we’re finally all on the same page.
