What about passwords?
They have not yet confirmed if passwords were also stolen ... I would hope they are salted and hashed .. but I suspect they may not be. When you initially sign up for their services (over the phone, not web) they will ask you for a password. You can then use that to log in to their website. Unfortunately they do seem to be able to ask you for your password when you call in for support ... which might mean they are typing it in and checking it matches .. or might mean its displayed on their screen .. and held in the clear.
If they have held passwords in plain text, they need punishing, financially.
Biting the hand that feeds IT
