Holy cow, I've been in this industry for decades and can't remember a time when everyone knew that you encrypted the damn passwords*:
Officials in Ireland have fined Meta $101 million for storing hundreds of millions of user passwords in plaintext and making them broadly available to company employees.
Meta disclosed the lapse in early 2019. The company said that apps for connecting to various Meta-owned social networks had logged user passwords in plaintext and stored them in a database that had been searched by roughly 2,000 company engineers, who collectively queried the stash more than 9 million times.
This is such a rookie mistake that it makes you wonder what those 9 million queries were looking for. Meta has such a horrible reputation for abusing its users privacy that the suspicion is that this was just one more wring on that rag. That's only a suspicion, but Meta has certainly earned that suspicion over the years.
* Yeah, yeah I know - one-way hash. I try not to use too much tech jargon.
Don't forget FECESbook was asking for user passwords so they could make changes for those users.
ReplyDeleteSometime in the future, we will officially learn that FECESbook is a giant criminal organization.
This was disclosed 5 years ago and it's only news now?
ReplyDeleteAlso ... 9e6 queries / 2000 engineers / 5 years / 365 days per year = 2.5 queries per day, on average. I'd dearly love to hear a believable explanation for that rate.
That should be, 2.5 queries per day, per engineer. On average.
Deletejwl, yeah - I don't see any way this can be spun as anything other than terrible.
ReplyDeleteWTH??? BASIC security...gahhh, never mind
ReplyDelete