Every turd knows you salt the password and hash it and never ever store anything other than the hash. The password should never even have been transmitted to Facebook, but that’s a whole other story.

These guys should be shut down.

Yes. At this point, storing non-hashed passwords should be a criminal offense. Period. The CEO and Chief Engineer of any firm doing it should get jail time for it. That will stop it. This isn't rocket science either, the protocols to make this kind of thing impossible are pretty well known.
 
Best practice is to use the browser instead of the app and use tiered passwords (different passwords for social, email, banking, etc.). Facebook is still useful for discovering events and group discussions.
 
While many are saying "is anyone surprised" I actually am at this.

This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?

That is absolutely surprising and shameful and there is no excuse from them that is acceptable.
On an objective level you are correct. However, given the past practices (that we know of) and the seeming culture of indifference they seem to display constantly, this is not a surprise.
 
If only people could turn their back on Mark (Facebook) like they did Tom (MySpace). Sadly, too many people are addicted to Facebook and won’t ever delete their account no matter how badly Facebook treats their information.
 
While many are saying "is anyone surprised" I actually am at this.

This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?

That is absolutely surprising and shameful and there is no excuse from them that is acceptable.

Your comment provides the correct focus for this news. It shows the differences between two major companies and what drives them (despite Zuck's current crocodile tears over the loss of user privacy).

Apple is all about its users (and our money), so its focus is all about the users, including and especially things that are important to us, such as security. They actually lead the pack on that one, as time and time again they refuse to build back doors into their products. We are Apple's client.

Facebook is all about its advertisers - a surprise to no one. So it shouldn't be that unusual to see stories like this. They had those passwords in cleartext because it never occurred to them to do otherwise. To "do otherwise" would have meant operating by an impulse that just wasn't there - to do good by its users.

To put it more clearly: we are Facebook's users, but that doesn't equate to client. We are most assuredly not their client. Someone else is.
 
You know that the world is a mess when the thousands of people wise enough to not have social media accounts are more concerned/worried/upset with these revelations than the billions that do have.
 
Expect nothing to change - advertisers are still lined up to use FB and the ones that do, they continuously increase their budgets like clockwork... there is no incentive for FB to do anything any different tomorrow than there are today in terms of protecting its user base.
 
The headline is hilarious... the fact that FB allowed this to happen. smh.
 
No one, but *no one* stores passwords in plain text accidentally. *NO ONE.*

This is otherwise known as "poisoning the well".

Facebook is covering its tracks for something nefarious it did or helped the government do, that's all.

"We or the government did some bad **** using a user's password on another site, but look! Passwords to do so were stored in plain text! Wasn't us, it was, um, hackers! Yep!"

This is all very standard stuff.
 
"Facebook said it discovered the problem in January. But, according to Brian Krebs, the security researcher, in some cases the passwords had been stored in plain text since 2012. Facebook Lite launched in 2015 and Facebook bought Instagram in 2012".

Wow.
 

"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.

...for the right price of course, otherwise, they don't care. The only reason Zuck is a billionaire.
 
Change your Facebook password and enable 2FA.

If you use the same password for anything else, start using better password techniques. Learn to use a password manager and generate random passwords. At least make random passwords manually and store them in an encrypted Excel spreadsheet if you don't want to learn the ins and outs of a password manager.
 
There is nothing more important to us than protecting people's information

I mean my god, they should be barred from even publishing statements like this at this point, it’s absurd they can say that with a straight face.
 
HAHAHAHA!!! There have been so many warnings about these fools at FB and it falls on deaf ears and people even defend their position as to why they need or want an account. Sorry, but the FB zombies and lemmings deserve it. There is but a single solution to this - stop using FB - delete everything they will let you delete - do not reinstall it - get out and just say no!
I never even created one in its inception.

THIS right here! Right on!
 