Yes. At this point, storing non-hashed passwords should be a criminal offense. Period. The CEO and Chief Engineer of any firm doing it should get jail time for it. That will stop it. This isn't rocket science either, the protocols to make this kind of thing impossible are pretty well known.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access
- Thread starter MacRumors
- Start date
- Sort by reaction score
Yes. At this point, storing non-hashed passwords should be a criminal offense. Period. The CEO and Chief Engineer of any firm doing it should get jail time for it. That will stop it. This isn't rocket science either, the protocols to make this kind of thing impossible are pretty well known.
On an objective level you are correct. However, given the past practices (that we know of) and the seeming culture of indifference they seem to display constantly, this is not a surprise.
iMessage, Apple News, Twitter, real life social interaction...
If only people could turn their back on Mark (Facebook) like they did Tom (MySpace). Sadly, too many people are addicted to Facebook and won’t ever delete their account no matter how bad Facebook treats their information.
Your comment provides the correct focus for this news. It shows the differences between two major companies and what drives them (despite Zuck's current crocodile tears over the loss of user privacy).
Apple is all about its users (and our money), so its focus is all about the users, including and especially things that are important to us, such as security. They actually lead the pack on that one, as time and time again they refuse to build back doors into their products. We are Apple's client.
Facebook is all about its advertisers - a surprise to no one. So it shouldn't be that unusual to see stories like this. They had those passwords in cleartext because it never occurred to them to do otherwise. To "do otherwise" would have meant operating by an impulse that just wasn't there - to do good by its users.
To put it more clearly: we are Facebooks' users, but that doesn't not equate to client. We are most assuredly not their client. Someone else is.
You know that the world is a mess when the thousands of people wise enough to not have social media accounts are more concerned/worried/upset with these revelations than the billions that do have.
No one, but *no one* stores passwords in plain text accidentally. *NO ONE.*
This is otherwise known as "poisoning the well".
Facebook is covering its tracks for something nefarious it did or helped the government do, that's all.
"We or the government did some bad **** using a user's password on another site, but look! Passwords to do so were stored in plain text! Wasn't us, it was, um, hackers! Yep!"
This is all very standard stuff.
This is otherwise known as "poisoning the well".
Facebook is covering its tracks for something nefarious it did or helped the government do, that's all.
"We or the government did some bad **** using a user's password on another site, but look! Passwords to do so were stored in plain text! Wasn't us, it was, um, hackers! Yep!"
This is all very standard stuff.
Last edited:
"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.
...for the right price of course, otherwise, they don't care. The only reason Zuck is a billionaire.
Change your Facebook password and enable 2FA.
If you use the same password for anything else. Start using better password techniques. Learn to use a password manager and generate random passwords. At least make random passwords manually and store them in an encrypted Excel spreadsheet. If you don't want to learn the ins and outs of a password manager.
If you use the same password for anything else. Start using better password techniques. Learn to use a password manager and generate random passwords. At least make random passwords manually and store them in an encrypted Excel spreadsheet. If you don't want to learn the ins and outs of a password manager.
I mean my god, they should be barred from even publishing statements like this at this point, it’s absurd they can say that with a straight face.
Not to mention use random passwords for everything and a decent password manager like 1Password, Dashlane, LastPass, etc. to manage them.
HAHAHAHA!!! There have been so many wanrings about these fools at FB and it falls on deaf ears and people even defend their position as to why they need or want an account. Sorry, but the FB zombies and lemmings deserve it. There is but a single solution to this - stop using FB - delete everything they will let you delete - do not reinstall it - get out and just say no!
[doublepost=1553195420][/doublepost]
THIS right here! Right on!
[doublepost=1553195420][/doublepost]
THIS right here! Right on!