thetrainline.com
Buy online train tickets
comet.co.uk
Comet Auctions is part of Comet, the very large UK electrical goods retailer.
It is an auction site for end of line and refurbished items. Being an eCommerce site credit card data will be stored once you make a purchase.
I raised the issue of the plain text password and they responded that it was common practice and not a concern.
olsale.co.il
Olsale is an Israeli personal-shopping site.
When I registered, I got a lame email titled “Message from OLSALE” with my username and password in plaintext. I thought this might be OK since they sent it out immediately after registration, so I promptly “forgot my password” only to get the exact same email. Code reuse, right? Brilliant.
escapistmagazine.com
Online gaming magazine
vizualize.me
Visualizes your resume online
milkround.com
Milkround is a very popular UK based graduate careers site. It describes sending you your plaintext password as a “password reminder” with no security questions or reset links available at all.
hyperspin.com
Hyperspin.com offers reports on website availability, and responsiveness. They do a pretty good job. Except in terms of password security :)
troopmasterweb.com
TroopMaster Web, a service use by many boy scout troops stores passwords in plain text. In addition, they also have them accessible by the administrator of the scout’s troop’s TroopMaster group.
e-academy.com
MSDNAA (Microsoft Developer Network Academic Alliance) — provide free software to students on CS related courses. My undergrad account was reactivated when I became a postgrad… and handily they decided to let me know what my password was!
Seriously, Microsoft (and not least their developer network) should know better!
dixons.co.uk
Dixons, a UK electrical goods retailer.
Pity their password storage policy isn’t good.