Color me stunned.
As an Optimum Online subscriber, I’m supposed to get free online access to Newsday, one of the largest newspapers in New York. So I went to sign up on Newsday’s site. And that’s when my eyes popped out of my head.
Not only does Newsday’s sign-up form ask you for your Optimum ID (username), full name, and address, but they require you to provide the password to your Optimum account.
Not believing my eyes, I called their help number and asked why they didn’t just take the ID and send a confirming e-mail to the user’s account, but was told that no, I had to provide the password to my account.
I told the representative, who I won’t name as this is not her fault, that that was the stupidest thing I’ve heard all day and is really poor from a security standpoint.
She put me on hold and eventually came back to tell me that I did have to provide the password but it’s “encrypted.”
I asked to speak to Newsday’s Chief Security Officer and was told they have none. Gee, what a surprise.
I asked to speak to Newsday’s Chief Privacy Officer and was told they didn’t have one of those, either.
So I called Optimum Online and asked to speak to their online security office. I posed my question to them and they told me I’d have to take it up with Newsday. Of course, they (Cablevision) own Newsday, so you’d foolishly think they might have some influence or be concerned about passwords being needlessly entered in a subsidiary’s web site, but no, they said I had to take it up with Newsday.
Obviously, I didn’t sign up for digital Newsday today. Shame on them and Cablevision for even requiring the major account password to access the site. What is Cablevision going to do if Newsday gets hacked? Email hundreds of thousands of customers and tell them to change their Optimum Online passwords? And what are they going to do if Newsday is hacked and the hackers decide to decrypt passwords, log in to Optimum Online accounts and listen to people’s voicemail or look at their payment arrangements?
Such an unnecessary and foolish risk.