Last week, T-Mobile Austria customers got some terrible security news as a string of unplanned customer service tweets revealed that the company was storing passwords in plain text, which is a major violation of basic cybersecurity practices. Today, the company finally came clean and pledged to immediately implement password hashing, a crucial protection in the event of a breach.
“Online-passwords will be salted and hashed in the future, as is considered state of the art in security,” a spokesperson told The Verge. “Other channels, including shops and call centers, will introduce additional security criteria. These steps will be implemented as quickly as possible.”
Hashing is a basic security practice throughout the industry, allowing systems to verify logins while still protecting the underlying passwords in the event of a breach. Hashed passwords can still be cracked, but only with significant computing power, giving platforms and users crucial time to detect the hack and reset any compromised logins. It’s seen as one of the fundamental tools of login security, making last week’s news a significant security lapse.
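As an added illustration (not from the article and not T-Mobile's code), this Python sketch shows how a system can store a salted hash and still verify a login without ever keeping the password. The choice of scrypt, its parameters, the `salt$hash` record format and the function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters for this example (about 16 MiB of memory per hash).
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes) -> bytes:
    # Deliberately slow, memory-hard derivation: each guess costs an attacker real work.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=R, p=P, dklen=DKLEN)


def hash_password(password: str) -> str:
    """Return the record to store: 'salt_hex$hash_hex'. The password is never stored."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    return f"{salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    try:
        salt_hex, hash_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: reject rather than crash
    return hmac.compare_digest(_derive(password, salt), stored)


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    alice = hash_password("hunter2")
    bob = hash_password("hunter2")
    print("alice record:", alice)
    print("bob record:  ", bob)
    # Different salts give different records, so a leaked table does not
    # reveal which users share a password.
    print("records differ:", alice != bob)
    print("correct login:", verify_password("hunter2", alice))
    print("wrong login:  ", verify_password("hunter3", alice))
```
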
T-Mobile Austria is operated by Deutsche Telekom, a separate division from the company’s American branch. There’s no indication that similar practices were at work in the United States.