T-Mobile Austria is apparently storing customer passwords in plain text

  • Customer Service representative Käthe acknowledged, in a Twitter convo posted by security researcher Scott Helme, that agents regularly view the first four characters of customer passwords for authentication purposes. When confronted with the bad practice this represents, the rep got defensive, stating that hacks would not happen because the telco giant would be "100% secure," and indeed asked whether the hints dropped by the experts were to be understood as a threat against the company.

  • Fun fact. A few weeks ago I received a reminder email from a service I used months ago. The transaction was done in person, but I guess I somehow agreed to sign up for their web service.

    Not only did they attach my username and password in plain text, the default passwords are constructed using a very obvious procedure. Essentially, you can brute-force any account with 10k to 18M attempts.

  • Consumers' personal information is at risk in the hands of multinational corporates. That's why I'm working on a blockchain concierge services project called PREEVE to help consumers pay without giving out their identity or personal info. If you want to join me on this mission, DM here or via Telegram @sammydeeknight for a chat.