Ask HN: Should we name and shame companies that send passwords in emails?

by bbody on 5/16/2015, 7:26 AM with 1 comments

I recently signed up to a website and they sent me the password I signed up with back in a confirmation email to me.

It isn't the first time I've seen this, however this website seemed quite legit. I didn't use my normal password but I came close to, so I am angry. Not only this, but the confirmation email was CC'd to some Gmail address.

It seems that in 2015 sending plaintext passwords back to people shouldn't be happening. Should we name and shame websites that do this?

Edit: Added in fact the email was forwarded to someones Gmail address.