Website password problem

Old Nov 18, 14, 3:04 pm
  #1  
Original Poster
 
Join Date: Nov 2009
Location: YVR
Programs: Non-status bottomfeeder
Posts: 826
Website password problem

I've contacted Best Western about what I believe to be a significant security concern about their website.
I used the webform to contact their Website support but disappointedly I only received a form letter back.
Hello Mr. zoobtoob,

Thank you for contacting Best Western Rewards. We will be glad to assist
you with this. We apologize for the delay in answering you, but we have
been receiving a high volume of e-mail and appreciate your patience.

We appreciate any suggestions that our guests provide to help us better
our service and our website. Your comments have been forwarded to our
Marketing Department as guest observations help Best Western determine
our strong points as well as those areas that may need attention.

We thank you for choosing Best Western Rewards and for your continued
loyalty to our brand. If we can be of further assistance please let us
know.

Best Regards,
This is not a marketing problem. This is an IT & security problem (perhaps even legal if their password database leaks).

They are storing passwords in a database either in plain-text or using a simple cipher. You can tell this because when you click the "forgot password" link, they email your password right back to you in plain text. This does not follow modern security practices of "salting and hashing".

How can I shortcut front-line support and get in touch with somebody higher up so this can get corrected?

I would recommend that all FT users change their Best Western password immediately to something they do not use on any other website.
zoobtoob is offline  
Old Jan 16, 15, 8:44 am
  #2  
 
Join Date: Dec 2006
Location: Pacific Northwest
Programs: UA 1MM, AS MVPG, Marriott Plat, Honors Dia, IHG Plat, ...
Posts: 8,337
Perhaps related? I just got this email from BW. Now (?) you need to call them to change the password? Seriously?

-------------------

IMPORTANT INFORMATION REGARDING YOUR BEST WESTERN REWARDS ACCOUNT
Best Western is committed to safeguarding the confidential information of our guests and wants you to be aware of the changes to how you access your Best Western Rewards account and redeem points.

Continue to go to bestwestern.com in order to:
Book your next trip
Check your point balance
Redeem Best Western Rewards points for free nights, gift cards, and other items.

If you would like to make a change to your account including updating your mailing address, email address, or password, please contact the Best Western Rewards Service center at 1-800-237-8483.

As a reminder, please take proper precautions to help secure your Best Western Rewards account against unauthorized access. We recommend that you:

Use a complex password and update it regularly
Use a password for your account that is unique and different from other account passwords
Check your account regularly to ensure all activity is yours
Promptly report any suspicious activity to us at 1-800-237-8483
notquiteaff is offline  

Thread Tools
Search this Thread