Reply to post:

Transport for London Oyster system pulled offline after credential-stuffing crooks board customers' accounts

teknopaul Silver badge

Sites keep email address only for SPAM.

To use email as a username they could keep a hash instead of the plain text. This would work for login and password resets and not risk exposing it if the db gets nicked.

If everyone did that credential stuffing would be a thing of the past.

And of course it would be impossible for them to send you unsolicited email.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019