I agree and don't want to defend this terrible company, but they did not intentionally store the passwords in clear text. Apparently the passwords just inadvertently landed in some log files together with other form input data.
If they had followed basic security procedures they never would have the passwords anywhere on their network. Instead they’d have a hashed, salted key derivable from the password and the user’s account ID. That way if there is a network incursion any information exfiltrated is not usable on any other network (among other advantages).
 
Reactions: Marekul
Hah, there is no worse game company (although Bethesda is getting there), but I don't think EA is destroying our society.


I don't think Amazon is that bad. I don't put their listening devices in my home, and they are putting the squeeze on local businesses, but I don't think Amazon is destroying the very fabric of our society in how we communicate, learn, and lose our privacy. But they definitely need to be watched carefully. I am no longer going to buy an EERO when I upgrade to mesh when WiFi 6 is widely available since they bought it. But I'd rather use Alexa and all of that stuff than Facebook's creepy box.

I thought more about the working conditions in the fulfillment centers and how they created the new lower “delivery” social class, their horrible environmental footprint and the general awfulness of their dealing with competitors.
 
Reactions: macduke
Probably not in the publicly traded sector, and not with the scale of Facebook's user roster.

Yeah, it’s really true - and I still haven’t deleted my account but I really want to. I just can’t seem to pull myself to do it because I have so many cousins on there that I haven’t visited for years except for Facebook
 
Reactions: LizKat
Change your Facebook password and enable 2FA.

If you use the same password for anything else, start using better password techniques. Learn to use a password manager and generate random passwords. At least make random passwords manually and store them in an encrypted Excel spreadsheet if you don't want to learn the ins and outs of a password manager.

Good advice, except that this will not help in the case of Facebook. The problem this time is that they have been shown to store passwords on the server side in plain text format. No matter how complex your password is in such a case, they will have easy access to it—it is 100% readable to them.

It's kind of like the person at the office who writes their passwords on Post-Its and sticks them on their computer screen or desk. Everyone in the office has easy access. Free and easy to do whatever they please.
Anyone still using Facebook really deserves to have their account hacked. That platform needs to die off.

No one "deserves" to have their account hacked. That's like saying you wish evil things on people, just because of their susceptibility and innocence.

However, I would agree that FB has shown little to no real concern for the privacy and security of their users, so I can kind of understand the "told you so" feeling, even though I feel bad about those people who are victimized in a system they continue to trust despite the clear warning signs.
 
Reactions: Marekul
Real life?


Nah. Maybe the solution is to copycat Facebook and then one by one we get every person to sign up to the new better new improved Facebook with privacy thing. It’s definitely doable. I would do it and I would be the CEO and I would cap my yearly salary at $1 billion. Actually I'd probably do it for 4 million.
 
"There is nothing more important to us than protecting people's information,"

I get the purpose of PR states, but when they're a blatant lie by contradiction, I have to wonder why it was said in the first place. If information protection was the most important thing, this article would not even exist, because some idiot would not have allowed passwords to be stored in plain text.

It's 2019 and someone is still doing this???
 
Reactions: chfilm
Probably not in the publicly traded sector, and not with the scale of Facebook's user roster.
Yeah, I just thought of that skeezy pharmaceutical guy who went to jail recently. The guy who jacked up meds that people needed to live by like 5000%. Martin Shkreli? He might be worse than Zuckerberg but doesn’t have the widespread impact with his companies. Though I read something the other day that he was actually running some new company from jail using a cell phone that was smuggled in and nobody seemed to really care. Rich people prison! That’s the worst Zuck can expect.
 
Reactions: LizKat
The problem is not Facebook: if it ended, people would find other servers/apps/devices to give their private life for free and forever. Of course, then they’ll shout loud when that service makes use of what they gave them for free and forever. There’s a serious education problem behind this.
True. But about passwords of course there should be a certain level of trustworthiness.
Then again, hacks happen all the time and nobody should reuse the same password anywhere. That’s where the real lack of education is at.
 
Change your Facebook password and enable 2FA.

If you use the same password for anything else, start using better password techniques. Learn to use a password manager and generate random passwords. At least make random passwords manually and store them in an encrypted Excel spreadsheet if you don't want to learn the ins and outs of a password manager.

Yeah not doing their 2FA, they do the one that uses your phone number and they just got busted for selling that info even though people were told it was only there for two factor. Until they use something like Authy it isn’t really worth the headache.
 
While many are saying "is anyone surprised" I actually am at this.

This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?

That is absolutely surprising and shameful and there is no excuse from them that is acceptable.

If the story is correct regarding how they came to be in plain text, this is not related to how the password is used, but rather a rather glaring poor move by a developer logging output and the password being part of that log. I doubt it was done intentionally, and if it is the case it was logged, no one in the company would have seen them, because if they did, they would have rectified it.
Doesn't matter the size of the organisation, mistakes do happen, even big ones like this, because people are only human.
 
Reactions: trellus
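
The two technical points raised in this thread, form input (passwords included) landing in log files and storing only a salted hash bound to the account ID, shown as an added Python example that is not from any poster or from Facebook. The field names, the `[REDACTED]` marker and the PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os

# Assumed names of secret-bearing form fields; extend for your own forms.
SENSITIVE_FIELDS = {"password", "passwd", "new_password", "token"}
PBKDF2_ITERATIONS = 600_000  # example work factor, tune to your hardware


def redact_form(form):
    """Copy form input for logging with secret fields masked."""
    return {
        key: "[REDACTED]" if key.lower() in SENSITIVE_FIELDS else value
        for key, value in form.items()
    }


def hash_password(password, account_id, salt=None):
    """Return (salt, digest); only these two values are ever stored."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    # The account ID is mixed into the salt, so a digest copied to another
    # account's row does not verify there.
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        salt + account_id.encode("utf-8"), PBKDF2_ITERATIONS,
    )
    return salt, digest


def verify_password(password, account_id, salt, stored_digest):
    """Recompute the digest and compare in constant time."""
    _, candidate = hash_password(password, account_id, salt)
    return hmac.compare_digest(candidate, stored_digest)


def handle_signup(form, log_lines):
    """Log the request without secrets, then return the record to store."""
    log_lines.append("signup form: %r" % redact_form(form))
    return hash_password(form["password"], form["account_id"])


if __name__ == "__main__":
    # Constructed sample input, not real data.
    sample = {"account_id": "1001", "email": "user@example.com",
              "password": "correct horse battery staple"}
    log = []
    salt, digest = handle_signup(sample, log)
    print(log[0])
    print(verify_password(sample["password"], "1001", salt, digest))
```
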
Most people won't hear about this additional Facebook folly, and the majority of people who do hear about it won't care and will continue to use the service. Like it or not, Facebook has connected over a billion people, and it's not going anywhere despite the company's reckless behavior. It's the perfect example of a wolf in sheep's clothing.
 
Reactions: Marekul
Yeah, it’s really true - and I still haven’t deleted my account but I really want to. I just can’t seem to pull myself to do it because I have so many cousins on there that I haven’t visited for years except for Facebook
You could quit FB and with the time saved you can go visit them irl... wouldn't that be awesome :D
They actually lead the pack on that one, as time and time again they refuse to build back doors into their products. We are Apple's client.

Oh that was just a publicity stunt. They gladly hand over iCloud data to law enforcement in most cases. And they need no backdoor for this as for most data they have the key or it is not unencrypted at all.

And they don't need to build a backdoor for Chinese government, they just handed over the whole infrastructure and keys to this brutal and totalitarian regime.
 