Password Stored with Reversible Encryption | |||
 |
Home Depot | Notified 4-19-17; automated reply, no fix as of 7-28-17 | |
 |
Kroger | Notified 4-24-17; no reply; still vulnerable as of 7-28-17 | |
 |
Safeway | Notified 4-21-17; no reply; changed but probably still vulnerable as of 7-28-17 | |
 |
Walgreens | Notified 5-3-17; no reply; still vulnerable as of 7-28-17 | |
Broken SSL | |||
 |
Amazon Price Tracker Not from amazon.com | Notified 4-20-17; no update as of 7-28-17 | |
Plaintext Password Storage | |||
 |
Ace Hardware | Notified 5-16-17; no reply; still vulnerable as of 7-28-17 | |
 |
McDonald's | Notified 5-13-17; no reply; still vulnerable as of 7-28-17 | |
 |
Menards | Notified 5-20-17; no reply, still vulnerable as of 7-28-17 | |
Plaintext Login | |||
 |
7-Eleven Mexico | Notified 5-20-17; no reply, still vulnerable as of 7-28-17 | |
 |
Trader Joes Fan | Notified 5-20-17; no reply, no update as of 7-28-17 (Last updated in 2014) | |
Multiple Vulnerabilities | |||
 |
Delhaize | Password in log, broken SSL, and insecure local encryption Notified 5-14-17; no reply, still vulnerable as of 7-28-17 | |
 |
Publix | Plaintext Password Storage and Broken SSL Notified 5-13-17; no reply, still vulnerable as of 7-28-17 | |
Fixed | |||
 |
Golf Galaxy | Broken SSL, and insecure added encryption Notified 5-21-17 -- FIXED | |
 |
JP Morgan Chase | Password Exposed in Log Notified 5-10-17; no reply, but fixed as of 7-28-17 | |
 |
OptionsHouse by ETrade | Broken SSL Fixed more than two years after notification | |