I'm absolutely blown away by how eWAY responded to my last post concerning some security issues and concerns I had with their site. They've radically exceeded my wildest hopes for resolution of the issues, and set themselves far apart from other companies who have been in similar circumstances before.
The post with the issues initially went live Wednesday morning.
By Wednesday evening, within 12 hours of the post going live, I had received a phone call from their CEO letting me know they were on top of the issues and actively addressing them with quite a few developers.
By Thursday evening, under 36 hours after the post went live, they let me know they had resolved the "plaintext password reset email" issue with a much more secure password reset system that did not expose the developer passwords.
In under a week, they have also updated their "About the developers" page to add information about the people responsible for security (this information had been missing on the page previously), updated their fraud detection systems, and are actively pushing people away from the older, 8-digit-based interface.
On top of this, they sent me a thank-you package!
This is such a radical contrast to other companies who respond to security issues by, in no particular order, ignoring them, having a PR drone say something meaningless, or fixing one issue and ignoring others (and then denying that there are exploits on sale and being used for the just-patched version).
And it's absolutely awesome to see rapid response to security concerns in action. I wish more companies responded like eWAY did.