It would be very cool if the government could fine businesses for negligence like this, and even better if they would reward those who report it, which they could pay out of the fined amount of course. That way the reporter doesn't have to deal with the stress of being threatened by a lawsuit, and the company always knows the reported problem is something they have to respond to seriously.
Right now there is only one form of pressure on these companies: Selling phones and subscriptions with as little overhead as possible, and they're all struggling to do so.
It also is a bootstrapping problem; right now companies just don't know about security best practices. It was probably some 16yr old store employee who suggested they use Google Docs to sync their passwords in the first place. If they knew of a better way to do it I believe they would have, but there's no incentive to figure that out. If good security practices were more commonplace in all businesses then they wouldn't struggle so much with doing the right thing.
Excellent article and reporting! I’m actually not surprised at all by such a blatant security risk. This is something to be expected from a shared computer on a retail floor with a few shifts a day using the same terminal. I’m actually shocked that this was not exploited earlier.