Ask HN: My bank stores PIN as plain text, should I be worried?
4 by MichaelHoste | 7 comments on Hacker News.
Hello HN, I received my new credit card with a reminder of my current PIN. I'm not sure how that could be possible without having a database of their customer names, addresses and secret PINs as plain text somewhere. Shouldn't it be common sense to salt and hash them like any other stored password? 4-digits PINs are also used for other systems like SIM cards or ID cards in Europe, and I guess people often use the same code. Malicious employees could get access to bank accounts or smartphones of their relatives. And If a leak happens, PINs will be on the wild with names and addresses attached to them, couldn't it be dangerous? Do I take PIN way too seriously? Should I contact someone about this?