Why do we need to go anywhere? There was life before Facebook and there is life after? I know, I deleted FB and never looked back.
In developed markets, yes, moving away from Facebook should not be that hard since most people already use the internet prior to Facebook. You will only see the first-world-problem complaining here and there.

In the emerging markets, however, things can be a bit tricky societally. In these markets, most people had not experienced the internet nor computing until their first smartphone, and Facebook has been hooking people from day 1 with their free internet programs and carrier deals (so using Facebook won’t use up your quota), to the point that many people think of Facebook as the “internet.” This is also why imo hoaxes and extremists can propagate easily in many countries through Facebook. The society just ain’t that mature yet in their awareness and critical thinking about the internet.

The alternative would be the messaging apps like WhatsApp, and Facebook knows this, thus their purchase of WhatsApp.
 
The way their platform has been instrumental in spreading fake information and the deals they make to sell user information is striking

I never joined FB. I remember years ago visiting FB pages for businesses and public entities such as entertainers, musicians and so on. I wasn’t a member of FB, didn’t really have an interest in being a member, and was just looking at the FB page from folks who would obviously want anyone to see their content.

So the first thing I noticed when I landed on the page was a partial window at the bottom encouraging me to sign up. That partial window would steadily grow in size as I scrolled further down the page until it basically blocked everything and the message changed to “sign in or join to see more”. I figured that if FB was that great, well let’s have a look and if it’s that good I’d want to join. No need to ask. But FB wasn’t looking particularly great at the time to me, in fact it was looking pretty belligerent. And those relentless obnoxious sign in or join notices could only mean one thing: they want something from me and they’re not saying what. Bottom line is FB ain’t free folks, you pay with your data and your data is valuable. Just ask Zuckerberg.

I notice a lot of business/retail websites are getting worse and worse over the years. Lately I’ve noticed email sign up pop ups that occur less than a minute after visiting the main page that I need to get rid of before I can go on. It’s like walking into a room filled with people you want to say hello to, but before you even have a chance to say hi or do anything, the first thing that happens is someone in the room lets loose with a huge noisy smelly fart. And they don’t even say excuse me. That’s retail on the web these days.
 
The fact that people think they can 'delete their Facebook' shows you how little they understand about what's actually going on here.
 
So glad I deleted my (useless) Facebook account.

I did, a while back. Then I lost some level of contact with far away family....

I sadly came back.

But, since I use 1password (all my passwords are unique and long/complicated) and 2FA, I'm not worried about "that"... but there are still lots to worry about
 
While many are saying "is anyone surprised" I actually am at this.

This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?

That is absolutely surprising and shameful and there is no excuse from them that is acceptable.

Not surprising to me. Facebook have proven that they are careless about their “customers” during all these years. There should be fines for billions of dollars raining over them but until that happens, better change your passwords regularly and don't upload too much personal information on their platform.
 
Is the news here that FB employees actually do have access to FB user accounts? Really?

I mean if this sort of access is not provided by passwords stored as plain text, then surely they also have the same level of access via their "admin" or "super-user" tools, built into the backend and they can easily see the full contents of any account they wish, without actually having to "log in" to said account?

So is the real concern that they can more readily share said access with a 3rd party? Because if somebody's willing enough to do that, he might as well have been willing enough to do that with the "super-user" tool and leaked the info out that way...

Anyway, and in conclusion, don't ever store ANYTHING truly personal with a company. More news at 11.
The problem is that this same password will be the same as the email password for probably 80% of the people on the internet. Give me 5000 email passwords of real persons and I won't need to work during the rest of my life. You can do all sorts of bad things with this info. Your imagination is the limit.
 
Yes. At this point, storing non-hashed passwords should be a criminal offense. Period. The CEO and Chief Engineer of any firm doing it should get jail time for it. That will stop it. This isn't rocket science either, the protocols to make this kind of thing impossible are pretty well known.

Having worked in companies like this... it's called "tech debt"... it's the thing that doesn't visibly add value to the product and keeps getting "de-prioritized", but it's the thing that the software developers know should be taken care of. This is careless, thoughtless management at its finest.
 
Good thing I don't put anything on FB that I consider private. Still the principle of it matters. But with that said. One should know that once you put something on the internet it's not guaranteed to be kept absolutely private.
 
Not storing passwords in plaintext is something they teach you in your first year of Computer Science in college. The developers at Facebook are just hackers, plain and simple, NOT software engineers.

Glad I deleted my FB account years ago. No regrets.
 
Delete Facebook and delete your accounts
And while you are at it delete Twitter and join gab.ai and use dissenter plugin. Watch project veritas videos on yt with Twitter employees bragging about having access to cleartext passwords.
 
You know that the world is a mess when the thousands of people wise enough to not have social media accounts are more concerned/worried/upset with these revelations than the billions that do have.
I have zero social media accounts, but actually am using Whatsapp (contextual honesty).

I am not concerned, neither worried nor upset with those revelations whatsoever. I find this kind of news silly, and irrelevant compared to the bigger picture of the immature modern society.

But hey, I am a person that visions the world as a Kafkaesque place. This matter lies on the same shelf as the Boeing situation, where essential safety tech preventing their planes from stalling is a costly option to be ticked by airline companies.

It’s the signs of our time: these kinds of things are a result of unethically mastered greed: we all have a typically human need of having more, doing more, experiencing more, but most of us draw an instinctive line at it becoming at the cost of other individuals. Humans have reigned without that line for ages.

Capitalism as it is practised and glorified by the American world dominating (stagnant) imperialism is just one big pathetic joke.

This Suckerberg is an idiot, but all the users that don’t seem to care: his Facebook is nothing without them.

I am more concerned/worried/upset about FB and other social media to be a norm, really. A norm without scrutiny for their platform.

We don’t need this BS social media to activate our individual marketing, up to the extent of mass narcissism.
 
How can they be sure that no one copied the records? Seems cause for a password update request to me. Duh!
 
Not storing passwords in plaintext is something they teach you in your first year of Computer Science in college. The developers at Facebook are just hackers, plain and simple, NOT software engineers.

Glad I deleted my FB account years ago. No regrets.

Heck, Facebook should not even KNOW your password. It should be salted and hashed locally, and the hash should be transmitted.
 
What database software are they using? They all have password fields that are encrypted and not in plain text. Fail.
Let's see if they really notify anyone to change their password.
 
Wow this thread is full of immature hatred against a single person.
Most people are willing to have their data be shared as long as the service is free to use. And there are millions of free services.

So what if service is free? We're supposed to celebrate that it's free to be pwned by someone clever enough to take advantage of a corporation's having left passes in the clear in a warehouse of customer data?

FB says no evidence anyone used the data. Their "trust me" line wears thin.

Anyway how is it immature hatred for people to push back against a huge corporation's extreme carelessness?

Even if "most" people might not give a damn, the gross negligence of using real passwords in the clear for some temporary test bed setup (which is probably what happened) is stunning. They were apparently real accounts, not generated test data as would have been appropriate (and more expensive to create).

By now FB could have built (and maybe have built) a proper test setup with generated "fake" data to mess around with. Yet still somehow they left this artifact laying around with a couple million real passes extracted from customer setups? Inquiring minds will want to know more about what and how and why this breach ever occurred, never mind why left to exist so long.

Consciousness of security seems to have been raised in the general public at least a little by all the media attention that has ensued over not only data breaches but coverage of congressional hearings related to corporate responsibility for data security. It might not be accurate any more to say "most" people don't care, even though I still suspect that's true...

But caring or not isn't the point, is it. Not if you are the owner of one of those passwords and you do care. And unsurprisingly, as I'm sure Equifax discovered, people who generally don't care about data breaches do rather suddenly tend to care when it's their data out there. It's not right to call them immature if they raise hell when they find out about it.
 
Your comment provides the correct focus for this news. It shows the differences between two major companies and what drives them (despite Zuck's current crocodile tears over the loss of user privacy).

Apple is all about its users (and our money), so its focus is all about the users, including and especially things that are important to us, such as security. They actually lead the pack on that one, as time and time again they refuse to build back doors into their products. We are Apple's client.

Facebook is all about its advertisers - a surprise to no one. So it shouldn't be that unusual to see stories like this. They had those passwords in cleartext because it never occurred to them to do otherwise. To "do otherwise" would have meant operating by an impulse that just wasn't there - to do good by its users.

To put it more clearly: we are Facebook's users, but that doesn't equate to client. We are most assuredly not their client. Someone else is.

This.
 
I don't feel bad for Zuckerberg for a second over the autobahn speed dumpster fire car crash that is Facebook that none of us can look away from.

Karma is so frigging beautiful. And to think, the demise of Zuck/FB is only in its earliest phase. Popcorn.gif

Good luck with that new privacy-centric platform pitch too, credible Lizardman! ;)

He'll be lucky to go the way of Tom; irrelevant. In more likelihood, jail time and litigation issues / scandals piling up until his old age. He certainly will not have gotten the last laugh, proverbially speaking.

I think in the end, Tom wasn't just everyone's friend on MySpace, he was indirectly everyone's friend IRL.

The platform caving on itself was a great 'avant-garde' gift to humanity; Nobel Peace Prize worthy imo!

And while I engage in debate often in polarizing pol threads, I think we *all* can rally behind the fact both sides are equally furious (for different reasons) at Facebook... Maybe that's the sort of common ground unity we need?
It seems like every week—last week was the NZ thing (got left up on FB for like 20 hours) and this week it’s passwords.

Maybe the whole pivot to privacy was just Zuck throwing in the towel on this mode of social media and charting a course for private comms. Personally, I think that’s giving too much credit to him, but I’m trying to be more of an optimist.
 
Yes. At this point, storing non-hashed passwords should be a criminal offense. Period.
I agree and don't want to defend this terrible company, but they did not intentionally store the passwords in clear text. Apparently the passwords just inadvertently landed in some log files together with other form input data.
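
The failure mode described in the post above (passwords ending up in log files along with other form input) is usually guarded against by masking secret fields before a log record reaches any handler. The following is an added example, not part of the thread and not Facebook's code; the field names, logger name and sample form are constructed assumptions.

```python
import io
import logging

# Field names treated as secrets (assumed list for this example).
SENSITIVE_KEYS = {"password", "pass", "passwd", "new_password", "token"}
REDACTED = "[REDACTED]"


def scrub(value):
    """Return a copy of value with secret fields masked, recursing into containers."""
    if isinstance(value, dict):
        return {k: REDACTED if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, tuple):
        return tuple(scrub(v) for v in value)
    return value


class RedactFormSecrets(logging.Filter):
    """Mask secrets in log arguments before the handler formats the record."""

    def filter(self, record):
        record.args = scrub(record.args)
        return True


def render(form):
    """Log one form submission through the filter and return the emitted line."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactFormSecrets())
    logger = logging.getLogger("login_demo")  # hypothetical logger name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("login form submitted: %s", form)
    return buf.getvalue().strip()


# Constructed sample input, not real data.
SAMPLE_FORM = {"email": "user@example.com", "password": "hunter2",
               "extra": [{"Token": "abc123"}]}

if __name__ == "__main__":
    print(render(SAMPLE_FORM))
```

The filter only sees structured arguments; a secret already interpolated into the message string before the logging call passes through unmasked, so form data has to be handed to the logger as an argument.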
 