Thursday, April 16, 2015

Match.com passwords sent over HTTP

Arstechnica posted an article saying that Match.com's login page has been running HTTP for quite some time now. It appears to be a mistake of some kind, not intentional.

But, why is running an HTTP login page bad?

As you've heard me say before here and here, having an HTTP login page means your password is traveling the internet from your device all the way to the Match.com web server in plain text. Anybody or anything in-between able to see your traffic is also able to see your password.

I don't use Match.com, but if you do, consider resetting your password.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment