
Concerns with BMSBattery's Security

Posted: Dec 21, 2017 8:47 am
by gutyex
I'm in need of some new parts for my bike, primarily a battery as it's several years old now. After some hunting around I found all the bits I need on BMSBattery.Com and signed up to place an order, but quickly had second thoughts when they e-mailed me the password I'd just set online in plain text.
This suggests a lack of security and makes me hesitant to order anything through them as I can't be sure they will keep my payment details secure. I've e-mailed them about this but received no reply yet.

Re: Concerns with BMSBattery's Security

Posted: Dec 22, 2017 6:37 pm
by dapuma
That is usually something you shouldn’t worry about. A lot of websites, forums, etc. do this. Unless it was emailed by an actual person, I wouldn’t worry about it. Most likely it is automated.

Re: Concerns with BMSBattery's Security

Posted: Dec 22, 2017 8:49 pm
by Buk___
gutyex wrote:
Dec 21, 2017 8:47 am
I'm in need of some new parts for my bike, primarily a battery as it's several years old now. After some hunting around I found all the bits I need on BMSBattery.Com and signed up to place an order, but quickly had second thoughts when they e-mailed me the password I'd just set online in plain text.
This suggests a lack of security and makes me hesitant to order anything through them as I can't be sure they will keep my payment details secure. I've e-mailed them about this but received no reply yet.

Usual advice is: change your password as soon as you receive notification.

Re: Concerns with BMSBattery's Security

Posted: Jan 11, 2018 4:16 pm
by Sunder
If you receive a full or partial password, it means your password is not encrypted and is visible to admins of the sites as well as any hackers who gain access to the site.

Ensure that the password is NOT used for any other account and especially your email. There are criminals out there who have "scanning lists". They know, for example, that they will never break into a Gmail account because Google's security is too good. Instead, they break into small shops and forums that don't invest in security at all. They get the email and password from the weak site, and try it against every other site on their scanning list like email, Facebook, Instagram, etc., to see if you reused the password.

If you have reused the password anywhere, change them all as soon as possible.
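
An added example, not part of any post in this thread and not BMSBattery's code: it contrasts a site that stores the password itself with one that stores only a salted one-way hash, and shows what someone holding the database row can read in each case. The function names, the row format and the PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def store_plaintext(password: str) -> str:
    """The weak design: the database row holds the password itself."""
    return password

def store_hashed(password: str) -> str:
    """The stronger design: the row holds only a salt and a slow one-way digest."""
    salt = os.urandom(16)  # unique per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password: str, row: str) -> bool:
    """Login check against a hashed row, recomputing with the stored salt."""
    _scheme, iters, salt_hex, digest_hex = row.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def readable_from_row(password: str, row: str) -> bool:
    """Can whoever holds the row (an admin, or a thief with a dump) read the password?"""
    return password in row

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    weak, strong = store_plaintext(pw), store_hashed(pw)
    print("plaintext row exposes password:", readable_from_row(pw, weak))
    print("hashed row exposes password:   ", readable_from_row(pw, strong))
    print("hashed row still verifies login:", verify(pw, strong))
    # A fresh salt per account means a reused password does not produce a matching row.
    print("second account gets identical row:", store_hashed(pw) == strong)
```

A weak or reused password can still be guessed offline from a stolen hashed row, which is why the advice above about not reusing passwords applies in both cases.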

Re: Concerns with BMSBattery's Security

Posted: Jan 11, 2018 4:28 pm
by Sunder
Maybe this borders on paranoid, but I do work in cybersecurity/fraud prevention.

Imagine the password you set for BMSB was the same as your email and PayPal password. As Dapuma said, it was automated so no human has seen your password yet.

You order a couple of high-value goods and they're DOA. BMSB believes you're at fault and refuses any refund. You raise a PayPal dispute. Losing this money could wipe out all profits to BMSB. They can't afford for the PayPal dispute to go your way. So they retrieve your password and find it works on PayPal and your email! They log in, cancel the dispute, go to your email and delete all evidence that they cancelled it.

By the time you realise, it's too late. PayPal says you cancelled it and refuses to start a new one.

This is all hypothetical of course, but possible any time you reuse a password with a site that doesn't care about security.