Storing Sensitive Data Unencrypted

As application developers, we like to keep the code base simple so that the application is easy to maintain later. With that simplicity in mind, we may reason as follows: the application already runs behind a firewall and every access is checked, so why not store users' passwords in plaintext in the database? Matching them on login becomes a trivial string comparison, and we save a few CPU cycles on every request.

Then one day, with the application running in production, an attacker compromises the database (through SQL injection, a stolen backup, a misconfigured replica, or any of the other routes the firewall never sees) and dumps the user table. Now the users' login credentials are not merely leaked but leaked in cleartext. Because many people reuse the same password across services, we have put at risk not only the accounts on our application but also the accounts those users hold on any number of other services.

Storing security-sensitive data without strong protection therefore exposes both the application and its users to a breach that can happen at any time. Note that the right protection depends on the data: secrets the application must read back (API keys, tokens) are encrypted at rest, but passwords should never be stored in a recoverable form at all. They should be hashed with a slow, salted, one-way password hashing function, so that a dump of the table yields values that cannot be turned back into the passwords, and a per-user salt defeats precomputed rainbow tables.
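The following example, added here and not taken from the book, puts the two designs side by side: the plaintext store the text warns against, and a hardened store that keeps only a salted PBKDF2-HMAC-SHA256 hash from the standard library. The in-memory dict standing in for the user table, the function names, and the `dump_reveals_password` helper that models the database dump are all assumptions made for illustration; PBKDF2 is used because it ships with Python, and the iteration count follows current OWASP guidance for SHA-256 but should be tuned so one verification costs tens of milliseconds on your hardware.

```python
"""Plaintext vs. salted slow-hash password storage (hypothetical example)."""
import hashlib
import hmac
import os

# Assumed parameters: PBKDF2-HMAC-SHA256, 16-byte random salt per user.
# Tune ITERATIONS so one verification takes tens of milliseconds.
KDF_NAME = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


# --- The insecure design from the text: the password is stored as typed ---

def register_plaintext(table, username, password):
    """Store the password in cleartext (what the text warns against)."""
    table[username] = {"password": password}


def login_plaintext(table, username, password):
    """Trivial string comparison; a table dump reveals every password."""
    row = table.get(username)
    return row is not None and row["password"] == password


# --- The hardened design: store only a salted, slow, one-way hash ---

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: name$iterations$salt_hex$hash_hex.

    Embedding the KDF name and cost lets stored hashes be upgraded later
    without breaking verification of older records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"{KDF_NAME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    name, iterations, salt_hex, hash_hex = record.split("$")
    if name != KDF_NAME:
        return False
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(recomputed, bytes.fromhex(hash_hex))


# Record used when the username does not exist, so that a missing user
# costs the same KDF time as a wrong password (avoids user enumeration).
DUMMY_RECORD = hash_password("dummy")


def register_hashed(table, username, password):
    """Store only the salted hash; the password itself is never persisted."""
    table[username] = {"password_hash": hash_password(password)}


def login_hashed(table, username, password):
    row = table.get(username)
    if row is None:
        verify_password(password, DUMMY_RECORD)
        return False
    return verify_password(password, row["password_hash"])


def dump_reveals_password(table, username, password):
    """Model the breach from the text: does a raw dump of the row contain the password?"""
    row = table[username]
    return password in " ".join(str(value) for value in row.values())


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample credential
    plain, hashed = {}, {}
    register_plaintext(plain, "alice", pw)
    register_hashed(hashed, "alice", pw)
    print("plaintext table leaks password:", dump_reveals_password(plain, "alice", pw))
    print("hashed table leaks password:   ", dump_reveals_password(hashed, "alice", pw))
    print("hashed login with correct password:", login_hashed(hashed, "alice", pw))
    print("hashed login with wrong password:  ", login_hashed(hashed, "alice", pw.upper()))
```

In a real application the dict would be the user table and the record string the column value; in production prefer a memory-hard function such as Argon2id or scrypt where a library is available, and treat `hmac.compare_digest` as non-negotiable so that verification time does not leak how many bytes of the hash matched.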
