While we really like its send-later feature, which allows users to schedule tweets, and the stats HootSuite provides for tracking clicks on your tweeted hyperlinks, today I stumbled across a big no-no:
HootSuite stores our passwords in plaintext!
Now, why is this a bad thing and how do others handle it?
It’s bad because potentially anybody at HootSuite who has access to the website’s database (very likely just a plain old MySQL one) can easily read out every single password for every single HootSuite account, log in as you, or try your “secret” little password with another service.
Even worse: If due to a security issue anybody outside of HootSuite gets access to the data, thousands of HootSuite accounts will be exposed to fraud.
If you’re like me and use a password with more than a single service, chances are the combination of your HootSuite account email address and your plaintext password will work elsewhere. Yes, I know, we should create a unique password for every service we use, but hey, we are all human.
The standard way of storing account credentials is to create a hash for your given password.
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data (your plaintext password) and returns a fixed-size bit string (the hash), such that an accidental or intentional change to the data will change the hash value (Wikipedia). The key here is: a hash is a one-way function. So, whenever you log in, the hash of the password you provide is computed again and compared to the one stored in the site’s database.
However, there is no way for anybody to reverse engineer your password by just looking at the saved hash values.
That’s why the majority of websites do not provide any means to retrieve your current password via their “lost password” link, but ask you to create a new one. They don’t know it because they don’t store it.
So, dear HootSuite, please give your loyal users a bit more security and change the way you handle our passwords.