Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access
- Thread starter MacRumors
- Start date
- Sort by reaction score
Facebook and Instagram users who are concerned about their account security should delete their account.
Thats better....
Just to be clear, from a security audit perspective, 2,000 employees with access to plain text passwords means potentially 2,000 points of attack for social engineering hacks. So yes it is quite probable that many if not all of the passwords could have been obtained by a third party.
A social engineering victim may not be aware that access credentials are being used by a third party at the time said attack happens.
A social engineering victim may not be aware that access credentials are being used by a third party at the time said attack happens.
I dont feel bad for Zuckerberg for a second over the autobahn speed dumpster fire car crash that is Facebook that none of us can look away from.
Karma is so frigging beautiful. And to think, the demise of Zuck/FB is only in its earliest phase. Popcorn.gif
Good luck with that new privacy-centric platform pitch too, credible Lizardman!
He'll be lucky to go the way of Tom; irrelevant. In more likelihood, jail time and litigation issues / scandals piling up until his old age. He certainly will not have gotten the last laugh, proverbially speaking.
I think in the end, Tom wasn't just everyone's friend on MySpace, he was indirectly everyone's friend IRL.
The platform caving on itself was a great 'avante-garde' gift to humanity; Nobel Peace Prize worthy imo!
And while I engage in debate often in polarizing pol threads, I think we *all* can rally behind the fact both sides are equally furious (for different reasons) at Facebook... Maybe thats the sort of common ground unity we need?
I remember thinking, "Who the heck is Tom ?"
I think that many people will look back with regret at all the time they wasted on Facebook and their fake friends.
Hah, there is no worse game company (although Bethesda is getting there), but I don't think EA is destroying our society.
I don't think Amazon is that bad. I don't put their listening devices in my home, and they are putting the squeeze on local businesses, but I don't think Amazon is destroying the very fabric of our society in how we communicate, learn, and lose our privacy. But they definitely need to be watched carefully. I am no longer going to buy an EERO when I upgrade to mesh when WiFi 6 is widely available since they bought it. But I'd rather use Alexa and all of that stuff than FaceBook's creepy box.
Not surprised in the slightest. I do hope those who regularly criticise Amazone and Google on here do not use Facebook, otherwise it’s rather hypocritical.
Don't hold your breath. Facebook is the devil so many people know and just put up with because who wants to set up another social media account with all the overlapping privileges and weird terminology for granting or forbidding their interaction with your data?
Most people will not know nor even care whenever someone drags another outfit out of Facebook's undies drawer and waves it around and points out its indecencies. Why do we think so many people still have passwords like 1234 and mypass and mydog.. and still use them everywhere?
"We don't care, we just want to be able to get online without some big hassle."
The world is sad but not shocked that it's not even shocked by mass murders any more. So what could possibly make the exposure of a few million passwords outrageous? It's too late. We're jaded. We already got the email from Equifax... or from "pick a retail vendor in the mall".
Zuck wasn't completely right back in the day when he suggested that privacy as a thing was so over... but he wasn't completely wrong either, at least in fast-forwarded times: It's not that privacy is dead, but that end users of software get it now that stuff happens and stuff gets exposed and no one's really going to be held responsible for guaranteeing "never again".... even when some designated catcher steps up to "take full responsibility" for this little turn in the botch bin.
A corporation's C-suite, in practical effect, always reserves the right to break its own security rules in order to accommodate the press of a business matter. Anyone who works corporate data security will tell you this. And that's how **** like some exposed password archive happens.
Only thing that would actually tighten stuff up at Facebook is the wrong person getting hold of the right key to some officer's lockbox at Facebook. You know, like if Zuck's dumb enough to have stashed his own personal password manager's master password on his company site somewhere...
The only other, and more likely thing, is that Facebook will never really tighten up but successive half-generations of users will slowly drift off to the next and the next social media hub. They'll be looking for connection capabilities created by the next round of newer developers... ones who have been informed by (and are desirous of avoiding) at least the most obvious and painful mistakes Facebook has made over the years. And slowly Facebook becomes the equivalent of Compuserve's chat system or whatever. One day you're scrolling through your password manager and realize you haven't logged into some setup in seventeen months... wow, and it's Facebook?
But like I said, don't hold your breath. Inertia is a pretty sturdy glue in a social media setup.
learn to code and create a new social network without all of Facebooks issues and at this point folks would probably run to it. they would probably even pay a small fee to avoid ads
while you aren't wrong it doesn't excuse being stupid or greedy. '***** happens' doesn't excuse selling information to a 3rd party without giving users notice, it doesn't excuse having account details in plain text, and so on
I completely agree. There's no excuse.
And yet.... it will happen, and not end up as the sudden demise of Facebook or any other entity that experiences a security lapse that ends up in public awareness.
It doesn't mean there can't be consequences. There should be, and usually are. But death of the entity in question is not a usual one.
All you have to do is look at the sophomoric unmoral origins of Facebook to understand that as long as the original founder is involved there are no morals. Its all about what he can get away with and it does not matter how large the organization.
For those of you who don't remember, the original facebook website (FaceMash) was set up as a type of "hot or not" game for Harvard students. The site was shutdown but Zuckerberg faced expulsion and was charged by the administration with breach of security, violating copyrights, and violating individual privacy. Ultimately, the charges were dropped. This was in 2003. Sound familiar.
it might not be the 'usual one' but it doesn't mean it won't happen. the more times Facebook ends up in the press for these kinds of games, the more folks might walk away. I've seen several verified folks (actors and such) shut down their facebook, twitter etc in exchange for hoping on wagons like mastodon and if they continue it's good bye to these networks. especially if they finally piss off the Kardashian/Jenners. where that tribe goes, the lemmings will follow
Everyone should read "Zucked" by Roger McNamee.
For those of you that have never seen this, it's an exchange between Zuckerberg and a college friend in 2004:
As reported by Business Insider, the conversation according to SAI sources, went as follows.
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb ****s.
For those of you that have never seen this, it's an exchange between Zuckerberg and a college friend in 2004:
As reported by Business Insider, the conversation according to SAI sources, went as follows.
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb ****s.
this show clip is rumored to be somewhat based on truth (MR doesn't like timecodes so skip about 35 seconds in for the good part)
Very different. Some developer(s) at Facebook deliberately made the decision to store these passwords in plain-text, for whatever reason. The root password issue was an oversight, not an intentional decision.
When building web login systems, it's common practice and knowledge to never store a password in plain text... so FB screwed up BIG time here!