Sensitive information is information that needs to be protected from unauthorized parties.
- Personally Identifiable Information (PII)
- Like Bank account number, Credit card number, Mobile number, Aadhar number, Biometric Data, etc.
- Business Confidential Information
- Classified information
All such Sensitive Information should not be transmitted over unencrypted channels like HTTP. Otherwise, there are chances that it gets compromised.
For this, an attacker needs to eavesdrop on each data packets sent from you, which is generally possible only if the attacker is in the same network as you are.
- Passwords transmitted in cleartext.
- The server sends passwords in cleartext to a log server.
- The server sends cleartext passwords in an email.