An anonymous reader writes: I work for a publicly traded company. When I submit tickets to helpdesk, they reply with an automated response which has a link to the ticket. Nothing special there, right? The only thing is, it is a plain http: link, leading to a page that immediately asks for my password. If I add an s after the http, there is not even a listener there. So the only way I can access that page is to send my password in the clear. That server is geographically distant, so I am pretty sure I would be sending my password in the clear over the internet. (And even if it is fully intranet-based, isn't this still a pretty big risk?) Again, it is my IT department which is sending this link. This is not the first company where I have seen this. So I am starting to think that the easiest way for a hacker to compromise a company is actually provided as a service by that company's IT department. How common is this, and how can it possibly be happening? More generally, how safe is my personal data that I provide to corporations, when they may be so astoundingly easy to compromise?