Meta’s revenue is in the tens of billions. This fine isn’t even a rounding error for them. This isn’t something that should be taken so lightly.
Meta fined $102 million for storing passwords in plain text
Submitted 2 months ago by neme@lemm.ee to technology@lemmy.world
Comments
Sundial@lemm.ee 2 months ago
Coasting0942@reddthat.com 2 months ago
Have you seen IT budgets? Some vice-president of technology is going to be pissed his numbers look bad compared to his peers during their weekly numbers measuring contest.
curbstickle@lemmy.dbzer0.com 2 months ago
Its about $2.6 billion per week in revenue, even by the weekly numbers its not an impact
(based on ~$135b in revenue for 2023, according to financial disclosure reports)
homesweethomeMrL@lemmy.world 2 months ago
😱
Fredselfish@lemmy.world 2 months ago
Yeah that was just a cost of business. Zuck probably pulled that from under his couch.
penquin@lemm.ee 2 months ago
Quick math: this is only 0.076% of their 2023’s revenue. No wonder big corporations don’t give a fuck about fines and will continue doing fucked up/illegal shit. This is not a fine, this is a green light, my friends.
irreticent@lemmy.world 2 months ago
They literally just consider fines as a cost of doing business.
Teal@lemm.ee 2 months ago
This is like when Dr Evil asks for $1 million dollars after being unfrozen. These courts need to get with the times.
WhatYouNeed@lemmy.world 2 months ago
Should be like GDPR fines: 4% of your annual global revenue.
Test_Tickles@lemmynsfw.com 2 months ago
I can’t find anything that states how much they have actually paid. It’s not quite the same if they spend 20 years fighting the amount in court.
Squizzy@lemmy.world 2 months ago
102 million is a major fine.
GoodEye8@lemm.ee 2 months ago
102 million is a major fine for you. For meta that’s less than 1% of their last quarter (which was around 13 billion net income).
InEnduringGrowStrong@sh.itjust.works 2 months ago
Not for a company with 120 Billion profits.
floquant@lemmy.dbzer0.com 2 months ago
It is absolutely not, but I understand it’s easy to lose sense of scale when you go into billions territory.
ChaoticEntropy@feddit.uk 2 months ago
This is less than a rounding error.
anzo@programming.dev 2 months ago
They still store the passwords like that? I remember that quote of Zuckerberg doing so, in the early days, and boasting about it to a friend… This was so outrageous at the time. Now it’s beyond absurdity… Not to mention the fine is so small!
AA5B@lemmy.world 2 months ago
Not to excuse them, but this is from 2019. Yes, that behavior was so outrageous at the time, but hopefully it is no longer happening
Blackmist@feddit.uk 2 months ago
I remember my bank used to ask me for the 2nd, 5th and 7th letters of my password from time to time.
There’s only one realistic way they can know those to ask me.
They haven’t asked me that for a while now, so I can only hope they encrypted them properly at some point.
dan@upvote.au 2 months ago
Also, nobody reads the actual post. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,
which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens.
obinice@lemmy.world 2 months ago
2019 isn’t some ancient far away time though, it’s just a few years ago. If Facebook were doing stuff like this then, think who else is still doing it.
Imgonnatrythis@sh.itjust.works 2 months ago
I’m sure we can just trust that it’s better now. The small dent fee that falls under the category of "write-off’ on Meta’s budget probably really straightened up their behavior…
ocassionallyaduck@lemmy.world 2 months ago
Jesus, why not fine them 5 bucks?
What a joke.
octopus_ink@lemmy.ml 2 months ago
Meta: The company whose products you use when you absolutely, positively don’t give a shit that they are the worst example of the worst nightmare of a consumer-hostile, privacy-invading, you-are-the-product, tech company. Yes, even worse than Microsoft.
werefreeatlast@lemmy.world 2 months ago
If it’s free, you are the product.
joshcodes@programming.dev 2 months ago
This just doesn’t hold up in 2024. BMW charge you 60k for a vehicle and chuck a subscription on top. Apple, Google and Samsung charge between hundreds and thousands for their phones and advertise with their own agencies. Amazon forces paying customers to wade through bullshit products to finally buy the one they want, customers who bought prime and who didn’t.
Everyone is the product even if you pay. Stop saying this please.
Moah@lemmy.blahaj.zone 2 months ago
Well now even when you pay you’re the product.
Serinus@lemmy.world 2 months ago
I haven’t paid for Lemmy yet. Well, other than volunteer time.
I guess if we want something where we’re not the product, we have to build it ourselves.
Laristal@lemmy.dbzer0.com 2 months ago
And these are the people who demand id to get back into your account if they find activity they deem suspicious.
jayandp@sh.itjust.works 2 months ago
Yep, had basically a throw away account for the occasional thing that basically required a Facebook account, and then I guess because I never posted anything they locked my account and demanded ID. Hell no.
kent_eh@lemmy.ca 2 months ago
They tried to do the same to me on Instagram.
Nope, it’s not worth that level of privacy invasion.
Darkassassin07@lemmy.ca 2 months ago
Considering how old Facebook is, you’d think they would have their shit together when it comes to password security…
leisesprecher@feddit.org 2 months ago
Facebook is huge and has very diverse teams/departments. It’s absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.
The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.
ObviouslyNotBanana@lemmy.world 2 months ago
Of not more. At least government gives some amount of insight and a chain of responsibility. Corporations are opaque.
IsThisAnAI@lemmy.world 2 months ago
Have you ever worked for government IT? Most of it is ages behind private sector.
BearOfaTime@lemm.ee 2 months ago
The difference is even this pjttance if a fine wouldn’t happen in a planned economy.
And you’re ignoring what happens in the SMB space.
ramble81@lemm.ee 2 months ago
Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.
frezik@midwest.social 2 months ago
At the time Facebook was invented, plaintext passwords had been a joke for years.
Dindonmasker@sh.itjust.works 2 months ago
They are still on the old system of writing them down on paper XD
FutileRecipe@lemmy.world 2 months ago
old system of writing them down on paper
That’s harder to steal/hack by someone across the globe.
dan@upvote.au 2 months ago
I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,
which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
eager_eagle@lemmy.world 2 months ago
These things are the other way around. The older something is, the more likely it is to find a bunch of questionable choices, spaghetti code, and security holes.
frezik@midwest.social 2 months ago
Careless logging is the one.
IsThisAnAI@lemmy.world 2 months ago
It seems like it was one of those old systems from the earlier days that somehow was overlooked. It’s not great but I understand how it happens if they didn’t have strong monitoring and system ownership.
bolapara@lemmy.ml 2 months ago
This is almost certainly the result of accidentally letting the passwords get into the logging infrastructure.
cmnybo@discuss.tchncs.de 2 months ago
This is why you never reuse passwords. Usually there’s no way to tell if a site is storing them in plain text until there’s a data breach.
m3t00@lemmy.world 2 months ago
17 cents apiece
oo1@lemmings.world 2 months ago
I hope i dont get fined for
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
FiskFisk33@startrek.website 2 months ago
nah, sha-256 is fine, though you should pick something stronger than “password”
oo1@lemmings.world 2 months ago
Don’t worry I don’t use that for my internet bank: 19513FDC9DA4FB72A4A05EB66917548D3C90FF94D5419E1F2363EEA89DFEE1DD
FJW@discuss.tchncs.de 2 months ago
That “m” should be a “b”. For a company that size, there is truly no excuse!
shortwavesurfer@lemmy.zip 2 months ago
Glad i deleted mine in 2018 and use a password manager (KeepassDX).
Yuki@kutsuya.dev 2 months ago
Something like this should be like 15% of last year’s revenue.
bazingabot@lemmy.world 2 months ago
eehw, Facebook
Cadeillac@lemmy.world 2 months ago
Hold on, let me dig around for my surprised face
pr06lefs@lemmy.ml 2 months ago
Whoa, better make sure all my pwds are in keepass! Didn’t know the fines were so hefty for that.
Emi@ani.social 2 months ago
All fines should be percentage of income instead of some arbitrary number.
The_v@lemmy.world 2 months ago
They also need to remove the limited liability from companies for intentional illegal activities.
illegal business practices should be charged to the people involved instead of the company. The executives who made the decision to break the law lose personal assets.
Otherwise the shitheads just pass the company losses onto the employees: no raises, hiring freezes, layoffs, reduction in benefits, etc…
yuki2501@lemmy.world 2 months ago
Intentional? Better use Negligent. It’s hard to prove intent; knowledge of something going on is much easier to prove.
Vespair@lemm.ee 2 months ago
100%. We need more personal liability for the evils of big business, not less
Skymt@lemmy.world 2 months ago
And collected from shareholder payouts.
rottingleaf@lemmy.world 2 months ago
Shoulda coulda woulda.
My aunt recently gave me a good advice, and a person in one chat with, I suspect, very interesting expertise gave the same advice in different form.
Emotions harm reason, and propaganda is not just directed at suppressing or increasing the emotion. It’s directed at making you emotional when you should be patient, and apathetic when you should be emotional, and act when you should wait, and wait when you should act.
It can easily work since everyone feels their fight of their day to be unique. But it’s not, and more than that - you can always look a few years back and remember that not only was it predicted, but you yourself predicted it.
By all this smartassery I meant - people making the laws don’t want them to work as we do, and they have sterilized the field. Think further.
floquant@lemmy.dbzer0.com 2 months ago
Point being…?