Grumo Media

Why Plenty Of Fish Stores Passwords in Plain Text

UPDATE: Thanks to the Hacker News community for voicing their criticism and making some great points on web security and password management. To join the debate on Hacker News, click here.

Last week Plenty Of Fish got hacked and a big drama ensued after Markus Frind, its Founder and CEO, wrote a long, rambling article accusing a 23-year-old Argentinean hacker, Chris Russo, of extortion and of harassing him and his wife.

Markus's blog post caused what now seems to be the worst PR nightmare any company could dream of.
Instead of getting compassion and support from his readers, he was heavily ridiculed and made fun of by hundreds of commenters and web publications across the Internet.

Why? Apparently it is not unusual for hackers to expose security vulnerabilities as a hobby or as a business, but what is not normal or remotely acceptable is for any self-respecting website, especially one the size of Plenty of Fish, to store millions of its users' passwords in plain text, that is, not encrypted.

Not only is this a monumental lack of consideration for his users' privacy, it is also an unforgivable security issue that no one who has had the most basic web security training could ever have allowed to happen.
One must assume that every website will eventually get hacked and therefore must ensure that once the data is exposed the potential damage that can be caused is minimized as much as possible.

The main concern should be users' privacy, and with that comes their passwords. Unfortunately, a great many people use the same password for many of their online accounts. It is not safe but it is practical, and no matter how much we are told not to do so, people will keep doing it.

Knowing this, the least a developer can do is encrypt all the user passwords so that, if a hacker gains access to the database, the hacker will expose only unusable information.

So is Markus that big of a moron? I don't think so. He may have some emotional issues, as can be seen from reading his post, but he is not a total idiot. A person who single-handedly was able to create the largest online dating empire on the Internet can't be that stupid.

I think Markus is a genius, a nerd, a geek, a hacker himself, maybe not the best programmer but definitely one of the very few people in the history of the Internet to pull off such a feat all by himself.
As one can see from reading his blog, he is not shy to tell the world how good he thinks he is.
Back in the day he went as far as posting a huge Google Ad cheque made to his name from advertising revenue gained through his website.

Nope, Markus is no fool, so if he stores passwords in plain text it is for a reason, and a good one indeed.
Probably the reason is just one of the many reasons that have made POF as successful as it is today.

The main reason is to boost user retention. This works two ways.
Every so often, POF sends you an email with your password so you don't forget it.

This accomplishes two things at once. For one, it acts like a newsletter: it reminds you that POF exists, that you should go there.
Although many use the same password for all their accounts, there are also many people who use several passwords and have difficulty remembering them.
Well, if you forget your password it is way more likely that you will not log back in to a website. Yes, you can go ahead and go through the recovery process, but that takes time and we are lazy.
It is way smarter to keep reminding you of your password, and that is exactly what Markus does.
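For contrast with the plain-text storage and password-reminder emails described above, here is an added example (not code from Plenty Of Fish or from this post) of the usual alternative: store only a salted, slow, one-way hash, and have any email carry a short-lived reset token instead of the password. The iteration count, token lifetime, record layout and sample user are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed for this example)
RESET_TTL = 3600       # reset link lifetime in seconds (assumed)

def hash_password(password: str) -> str:
    """Return 'iterations$salt$digest'; the password itself is never stored."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    try:
        iterations, salt_hex, digest_hex = stored.split("$")
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    except ValueError:  # malformed record
        return False
    return hmac.compare_digest(candidate, expected)  # constant-time compare

def issue_reset_token(user: dict, now: float) -> str:
    """What an email can carry instead of the password."""
    token = secrets.token_urlsafe(32)
    user["reset_hash"] = hashlib.sha256(token.encode()).hexdigest()
    user["reset_expires"] = now + RESET_TTL
    return token  # sent in the email link; only its hash is kept

def redeem_reset_token(user: dict, token: str, new_password: str, now: float) -> bool:
    stored = user.get("reset_hash")
    if not stored or now > user["reset_expires"]:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, stored):
        return False
    user["password"] = hash_password(new_password)
    user["reset_hash"] = None  # single use
    return True

# Constructed sample record, not data from the breach
user = {"email": "alice@example.test", "password": hash_password("correct horse")}
```

With this layout a database dump yields salts and digests rather than reusable passwords, and the site has nothing it could put in a reminder email except a link.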

According to Markus himself, most people sign up for 2 or more online dating sites.
Which one will you be more likely to go back to? Well, the one that makes it super easy to remember your password and, yes, the cheapest one. POF is free!

So there you go. What is more likely: that a guy who has built the largest free dating site in the world is a moron, or that his ambition overrules any concern for his users' privacy? Occam tells us it is more likely to be the latter.

Not only that, Markus has admitted that keeping pictures' aspect ratio all wonky is great for increasing ad revenue traffic, as people are forced to click on the pictures to view them properly.
Or the fact that it is almost impossible to cancel your POF account, so even years after finding your true love you keep getting those hot weekly matches every Monday.

No siree, our highly polemical and at times seemingly deranged interweb lord of the e-date realm is no fool.
Funny thing is that I am willing to bet this self-imposed PR chaos may only help his site to become even more popular.
Many would sell their soul to the mockery devils in exchange for Markus's 6 million love-seeking uniques a month, no doubt.
