Hello,
I've recently become interested in picking up a VPN service, and BolehVPN came highly recommended. I'm liking what I see about the service so far, and I was prepared to purchase at least a few months of the service! I made an account in preparation of the purchase, but was positively shocked when the confirmation email sent me back my password, login, and account number in cleartext. This is a huge security no-no, and I would expect at the very least that the passwords would be stored hashed and salted. It makes me very uncomfortable about divulging payment and address information, even if that is handled through PayPal.
Even overlooking the security of the payment information, given the rash of recent hacks which have occurred the world over to many big name websites and services, I would hope that Boleh would take the security of it's user data seriously. Are there any plans to implement hashing or salting of the passwords any time in the future? Or am I overreacting because the accounts made with this information aren't sensitive? Obviously users never want to have their passwords stolen, but I'm wondering if it's intended for everyone to make 'throw away' accounts.
Thanks for your consideration.
