Concerns with BMSBattery's Security

gutyex

I'm in need of some new parts for my bike, primarily a battery as it's several years old now. After some hunting around I found all the bits I need on BMSBattery.Com and signed up to place an order, but quickly had second thoughts when they e-mailed me the password I'd just set online in plain text.
This suggests a lack of security and makes me hesitant to order anything through them as I can't be sure they will keep my payment details secure. I've e-mailed them about this but received no reply yet.
 
That is usually something you shouldn’t worry about. A lot of websites, forums, etc. do this. Unless it was emailed by an actual person, I wouldn’t worry about it. Most likely it is automated.
 
gutyex said:
I'm in need of some new parts for my bike, primarily a battery as it's several years old now. After some hunting around I found all the bits I need on BMSBattery.Com and signed up to place an order, but quickly had second thoughts when they e-mailed me the password I'd just set online in plain text.
This suggests a lack of security and makes me hesitant to order anything through them as I can't be sure they will keep my payment details secure. I've e-mailed them about this but received no reply yet.

Usual advice is: change your password as soon as you receive notification.
 
If you receive a full or partial password, it means your password is not encrypted and visible to admins of the sites as well as any hackers who gain access to the site.

Ensure that the password is NOT used for any other account and especially your email. There are criminals out there who have "scanning lists". They know, for example, that they will never break into a Gmail account because Google's security is too good. Instead, they break into small shops and forums that don't invest in security at all. They get the email and password from the weak site, and try it against every other site on their scanning list like email, Facebook, Instagram, etc., to see if you reused the password.

If you have reused the password anywhere, change them all as soon as possible.
 
Maybe this borders on paranoid, but I do work in cybersecurity/fraud prevention.

Imagine the password you set for BMSB was the same as your email and Paypal password. As Dapuma said, it was automated so no human has seen your password yet.

You order a couple high value goods and they're DOA. BMSB believes you're at fault and refuses any refund. You raise a Paypal dispute. Losing this money could wipe out all profits to BMSB. They can't afford for the Paypal dispute to go your way. So they retrieve your password and find it works on Paypal and your email! They log in, cancel the dispute, go to your email and delete all evidence that they cancelled it.

By the time you realise, it's too late. Paypal says you cancelled it and refuses to start a new one.

This is all hypothetical of course, but possible any time you reuse a password with a site that doesn't care about security.
 
I have dealt with BMS battery quite a bit
Maybe $10k

They always did about what I expected them to.

My experience was the opposite... where they would not ship stuff to my mailing address (different than my CC address) due to fraud issues... causing me to have to jump thru a bunch of hoops - ...

I once had to ship 50lbs of Lithium Batteries to a San Francisco Operations department... then go and pick them up by hand....

As far as internet security?

These days your personal Email account is A DIRECT SHOT at every single login you have anywhere on the internet
Banks, you name it

Just think about it.

CLICK - I lost my password
EMAIL - shows up in your inbox, you click it, change your password

So it matters not that they plain texted your site password
If your email is compromised... then... all of your internet dealings are compromised.

-methods
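
Added example, not part of any post in this thread and not BMSBattery's code: a sketch of what a site stores when it cannot e-mail your password back (a salted scrypt hash), and of the "I lost my password" e-mail flow done with a single-use, expiring token. The function names, record layout, scrypt parameters and 15-minute lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters and token lifetime (assumed values for this example)
N, R, P = 2**14, 8, 1
RESET_TTL = 15 * 60  # seconds

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)

def register(password: str) -> dict:
    """Build the stored record: salt and hash only, so nothing can be mailed back."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _kdf(password, salt)}

def verify(record: dict, attempt: str) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    return hmac.compare_digest(_kdf(attempt, record["salt"]), record["hash"])

def issue_reset_token(record: dict, now: float) -> str:
    """Return the token for the e-mailed link; the server keeps only its hash."""
    token = secrets.token_urlsafe(32)
    record["reset"] = (hashlib.sha256(token.encode()).digest(), now + RESET_TTL)
    return token

def redeem_reset_token(record: dict, token: str, new_password: str, now: float) -> bool:
    """Accept a reset only for an unexpired, unused token, then replace the hash."""
    stored = record.get("reset")
    if stored is None:
        return False
    token_hash, expires = stored
    presented = hashlib.sha256(token.encode()).digest()
    if now > expires or not hmac.compare_digest(token_hash, presented):
        return False
    del record["reset"]                    # single use
    record.update(register(new_password))  # fresh salt and hash
    return True

if __name__ == "__main__":
    rec = register("constructed-sample-password")  # constructed sample input
    print("stored fields:", sorted(rec))
    print("login ok:", verify(rec, "constructed-sample-password"))
    tok = issue_reset_token(rec, now=0)
    print("reset ok:", redeem_reset_token(rec, tok, "new-sample-password", now=60))
```
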
 