• Facebook admits it stored ‘hundreds of millions’ of passwords in plaintext
https://techcrunch.com/2019/03/21/facebook-plaintext-passwords
Again? Really... Facebook are not having a good time lately.
If I didn't use fb to communicate with a few important people I would delete my account ASAP.
Mine's been deleted for over 8 years now, I have not regretted it at all.
Why is it apparently so hard for companies to use even basic security practices? Is there no "Big Book of Shit You Shouldn't Do With Your User's Passwords" published somewhere that they can make required reading?
How many years of security specialists looking at those passwords and thinking "yup seems fine".
See this is why I'm so against all of the "basic PHP/MySQL login tutorials"
maybe I don't understand because I deleted my Facebook years ago and seldom talked to people on it but what's stopping people from just texting or calling these days?
Convenience. Working with people and being the one person in the group who's difficult to contact is just not ideal.
Don't they keep a record of your account and everything you've done even if you delete your account? Or was that just a rumor
GDPR means they can't do that for people in Europe. In the states though? You'd better believe that there's a you-shaped hole where your account used to be.
To follow up on this, no company ever will actually delete data unless legally required to. It's an entire way of thinking: never delete anything. Ever. Unless you absolutely must.
Man, I don't even fucking store my passwords in plaintext. I have them in a physical book with entire sections that only I have memorized sharpied out.
Even then, unless you specify it's a request for deletion under GDPR, they still only "deactivate" your account.
I do find myself wondering what factors contribute most to this seemingly constant trend of not being able to figure out how to do salted hashing. Is it because of looming deadlines making non mission critical parts of software something to put on the backburner? Is it because of laziness? Is it bad developers who can't wrap their heads around basic computer science concepts and don't understand what a hash is? Is it some sort of weird internal bureaucracy thing regarding program structure and libraries and shit? I'm trying to think up some sort of other professional analogue for this, it'd be like if electricians consistently forgot to put a circuit breaker into buildings or some shit like that, and when questioned about why they just throw up their hands and shrug. It's fucking bizarre.
Effort and risk assessment probably. Why put time and effort into preventing something that may take a long time to happen and when it does, doesn't meaningfully hurt you?
this is why all security companies are trash including bank security and is piss easy to break if you know what you're doing. these companies are actually incompetent boomers who THINK they understand how a computer/sec. works. they think wrong.
So if you just lied to Facebook and told them you moved to Europe, could you request this?
I deleted my facebook account proper but I can still keep in touch with people with messenger.
I can't think of a possible reason any company would ever have passwords in plaintext.
i had mine deleted for roughly the same time but just remade an account that only has my name and a picture of me and the state i live in so that people don't confuse me with a similar looking person with the same name as me who puts erotic anime all over their facebook wall
wow great website zucc the computer person
You can just say you have an alt account, we won't judge you.
Is this a joke Facebook? Ha Ha Get your shit together.