Password Stored with Reversible Encryption | |||
Home Depot | Notified 4-19-17; automated reply, no fix as of 7-28-17 | ||
Kroger | Notified 4-24-17; no reply; still vulnerable as of 7-28-17 | ||
Safeway | Notified 4-21-17; no reply; changed but probably still vulnerable as of 7-28-17 | ||
Walgreens | Notified 5-3-17; no reply; still vulnerable as of 7-28-17 | ||
Broken SSL | |||
Amazon Price Tracker Not from amazon.com | Notified 4-20-17; no update as of 7-28-17 | ||
Plaintext Password Storage | |||
Ace Hardware | Notified 5-16-17; no reply; still vulnerable as of 7-28-17 | ||
McDonald's | Notified 5-13-17; no reply; still vulnerable as of 7-28-17 | ||
Menards | Notified 5-20-17; no reply, still vulnerable as of 7-28-17 | ||
Plaintext Login | |||
7-Eleven Mexico | Notified 5-20-17; no reply, still vulnerable as of 7-28-17 | ||
Trader Joes Fan | Notified 5-20-17; no reply, no update as of 7-28-17 (Last updated in 2014) | ||
Multiple Vulnerabilities | |||
Delhaize | Password in log, broken SSL, and insecure local encryption Notified 5-14-17; no reply, still vulnerable as of 7-28-17 | ||
Publix | Plaintext Password Storage and Broken SSL Notified 5-13-17; no reply, still vulnerable as of 7-28-17 | ||
Fixed | |||
Golf Galaxy | Broken SSL, and insecure added encryption Notified 5-21-17 -- FIXED | ||
JP Morgan Chase | Password Exposed in Log Notified 5-10-17; no reply, but fixed as of 7-28-17 | ||
OptionsHouse by ETrade | Broken SSL Fixed more than two years after notification |