Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.
Comment on Meta fined $102 million for storing passwords in plain text
Darkassassin07@lemmy.ca 1 year ago
Considering how old Facebook is, you’d think they would have their shit together when it comes to password security…
ramble81@lemm.ee 1 year ago
frezik@midwest.social 1 year ago
At the time Facebook was invented, plaintext passwords had been a joke for years.
Dindonmasker@sh.itjust.works 1 year ago
They are still on the old system of writing them down on paper XD
FutileRecipe@lemmy.world 1 year ago
old system of writing them down on paper
That’s harder to steal/hack by someone across the globe.
dan@upvote.au 1 year ago
I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,
which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
eager_eagle@lemmy.world 1 year ago
These things are the other way around. The older something is, the more likely it is to find a bunch of questionable choices, spaghetti code, and security holes.
frezik@midwest.social 1 year ago
Careless logging is the one.
IsThisAnAI@lemmy.world 1 year ago
It seems like it was one of those old systems from the earlier days that somehow was overlooked. It’s not great but I understand how it happens if they didn’t have strong monitoring and system ownership.
bolapara@lemmy.ml 1 year ago
This is almost certainly the result of accidentally letting the passwords get into the logging infrastructure.
leisesprecher@feddit.org 1 year ago
Facebook is huge and has very diverse teams/departments. It’s absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.
The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.
ObviouslyNotBanana@lemmy.world 1 year ago
Of not more. At least government gives some amount of insight and a chain of responsibility. Corporations are opaque.
IsThisAnAI@lemmy.world 1 year ago
Have you ever worked for government IT? Most of it is ages behind private sector.
superkret@feddit.org 1 year ago
I work in the private sector and or most essential systems run on Windows Server 2012 and CentOS 7.
IsThisAnAI@lemmy.world 1 year ago
I’m not saying there isn’t crap in the private sector, but in my experience government really sucks managing IT.
BearOfaTime@lemm.ee 1 year ago
The difference is even this pjttance if a fine wouldn’t happen in a planned economy.
And you’re ignoring what happens in the SMB space.