Updated! Virgin Media NOT storing passwords in plain text
Virgin Media have been in touch to clarify the situation. They state "We do not store customer online passwords in plain text. In fact no call centre has access to online passwords used for customer email or My Virgin Media."
This leaves the question - how was it possible that a Virgin call centre worker was able to tell a user their password? Well, according to a Virgin Media spokesperson, "All Virgin Media customers are given an option to set up a password for their My Virgin Media online account, and another password for their billing account for when they call in to Virgin Media for support.
The password for their billing account is used as part of the Data Protection Act questions we ask a customer. In both cases the customer chooses each password. It is possible this customer could be using the same password for billing/account management when they call in, which we wouldn't advise."
Previously
In a Twitter exchange, it has become clear that Virgin Media - one of our biggest ISPs - store user passwords in PLAIN TEXT. We've covered this ground before - the fact is NO user password should ever be stored in plain text anywhere. NONE, EVER, ANYWHERE.
"@jbrooksuk Don't worry, all your details are safe with us. Our agents can see these details as they need to pass DPA. EW"
— Virgin Media (@virginmedia) July 29, 2013
This is a shocking admission from a company where security should be of paramount importance, and the apparent lack of understanding of why this is a bad thing really surprises us.