• adr1an@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    They still store the passwords like that? I remember that quote of Zuckerberg doing so, in the early days, and boasting about it to a friend… This was so outrageous at the time. Now it’s beyond absurdity… Not to mention the fine is so small!

    • AA5B@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Not to excuse them, but this is from 2019. Yes, that behavior was so outrageous at the time, but hopefully it is no longer happening

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        2 months ago

        Also, nobody reads the actual posts, just the headlines. They were accidentally stored in logs:

        As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,

        which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.

      • Blackmist@feddit.uk
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I remember my bank used to ask me for the 2nd, 5th and 7th letters of my password from time to time.

        There’s only one realistic way they can know those to ask me.

        They haven’t asked me that for a while now, so I can only hope they encrypted them properly at some point.

      • Imgonnatrythis@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I’m sure we can just trust that it’s better now. The small dent fee that falls under the category of "write-off’ on Meta’s budget probably really straightened up their behavior…

  • oo1@lemmings.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    I hope i dont get fined for

    5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

      • oo1@lemmings.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Don’t worry I don’t use that for my internet bank: 19513FDC9DA4FB72A4A05EB66917548D3C90FF94D5419E1F2363EEA89DFEE1DD

          • oo1@lemmings.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            Thanks, I appreciate that. I paid an independent IT security consultant lot of money to help me come up with it - so I don’t want to have to change it.

  • cmnybo@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    This is why you never reuse passwords. Usually there’s no way to tell if a site is storing them in plain text until there’s a data breach.

  • octopus_ink@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    2 months ago

    Meta: The company whose products you use when you absolutely, positively, don’t give a shit that they are the worst example of the worst nightmare of a consumer-hostile, privacy-invading, you-are-the-product, tech company. Yes, even worse than Microsoft.

  • Teal@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    This is like when Dr Evil asks for $1 million dollars after being unfrozen. These courts need to get with the times.

    • WhatYouNeed@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      2 months ago

      Should be like GDPR fines: 4% of your annual global revenue.

      Edit: just read “It has so far fined Meta a total of 2.5 billion euros for breaches under the bloc’s General Data Protection Regulation’s (GDPR), introduced in 2018, including a record 1.2 billion euro fine in 2023 that Meta is appealing”

      Wow, Meta really likes donating to the EU

  • Laristal@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    And these are the people who demand id to get back into your account if they find activity they deem suspicious.

    • jayandp@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Yep, had basically a throw away account for the occasional thing that basically required a Facebook account, and then I guess because I never posted anything they locked my account and demanded ID. Hell no.

  • Emi@ani.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    All fines should be percentage of income instead of some arbitrary number.

  • shortwavesurfer@lemmy.zip
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    2 months ago

    Glad I deleted mine in 2018 and use a password manager (KeepassDX). Only socials I have are Lemmy, Mastodon (rarely used), and Nostr. If it aint FOSS I avoid if at all possible.

  • Sundial@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Meta’s revenue is in the tens of billions. This fine isn’t even a rounding error for them. This isn’t something that should be taken so lightly.

    • Coasting0942@reddthat.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Have you seen IT budgets? Some vice-president of technology is going to be pissed his numbers look bad compared to his peers during their weekly numbers measuring contest.

  • penquin@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Quick math: this is only 0.076% of their 2023’s revenue. No wonder big corporations don’t give a fuck about fines and will continue doing fucked up/illegal shit. This is not a fine, this is a green light, my friends.

  • Darkassassin07@lemmy.ca
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Considering how old Facebook is, you’d think they would have their shit together when it comes to password security…

    • ramble81@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:

      As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,

      which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.

    • leisesprecher@feddit.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Facebook is huge and has very diverse teams/departments. It’s absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.

      The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.

  • pr06lefs@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Whoa, better make sure all my pwds are in keepass! Didn’t know the fines were so hefty for that.