Dear ...while I appreciate the proactive alert I am a bit concerned with the “compared passwords associated” part of this message #plaintext 🤫
Conversation
That's not an indicator of plaintext passwords being stored by Glassdoor. Many companies now do this. They take their hashes and compare them to other hashes from hacked DBs that are now public. It's proactive, and this kind of message is usually pointing to password re-use.
13
21
271
I do hope not as that would imply a hash function matching the breach & no salt which is bad practice
I guess what you really mean is that they created a rainbow table of already broken & leaked password against the hash & salt of your entry & found a match
2
2
That would use up quite a bit of storage just for a single user so I highly doubt it
Only if you store them, which is not required. In any case the alternative of no-salt seems incomprehensible in current times.