There are also a ton of security flaws with the system:
- Support page is lacking a 404 Error page
- No HSTS
- They're still using TLS 1.0
- They're using 4-year-old console software that has numerous security holes, including this one.
- Their welcome banner is transported over HTTP, but everything else is transported over HTTPS, a security flaw.
- They're using synchronous XMLHttpRequest, which is deprecated because of known information leaks. Go to the console after you login.
- I'll update this list if I find more.
These are such major issues. I say they start over, but in the meantime, anyone know where I can report these? I know these are some of the bug reports, but still...