stop storing passwords in plain text you fucking dipshits
"But it was the logs this time. Sheesh you guys just are never satisfied. We salt and encrypt our passwords in a database and lock everything behind 2-factor Auth. So what if we then dumped those secure passwords out in plaintext readable format in the logs? Nobody knew and as we all know 'Security through Obscurity' is a perfectly fine defense mechanism against bad actors both in and outside our company."
They really dont want people to use their service dont they
thanks ZUCC. If i use facebook to log in to instagram, am i still affected?
Shouldn't be, since those login pages do not send any passwords to log.
Storing information like passwords in plaintext for corporations should be illegal, in my opinion.
It is illegal (in the EU). It's a GDPR provision I believe.
Instagram is a piece of shit, I somehow managed to get hundreds of spam bots/hacked users following my quiet account a few nights ago so I just disabled it, it fucking blows my mind that you can't just outright delete your account. Back when I did post more regularly, I was reporting 5 bots a day and it was just a bother to maintain.
I think you can delete your account?
I did it a while ago, but it's possible.
Šećer-aga stop fucking shit up
I'm sort of perturbed by the fact that it's an almost exact ripoff of Instagram.
Are they trying to be better?
Couldn't they have done something at least a little bit different?
Clickbait title. No passwords have been leaked. It was discovered by Facebook engineers that certain logs within their databases did not properly mask out passwords.
Our investigation has determined that these stored passwords were not internally abused or improperly accessed
The blog post is here: Keeping Passwords Secure | Facebook Newsroom
Well if some dickhead employee were to do something.
There's also a 500px UI and a Tumblr UI you can swap to. The better part is that it's federated like email. You can host your own pixelfed server if you want and it'll talk to the rest of them.
A lot of things could happen, but don't.
You ever notice how almost everything ever gets leaked? Well imagine if you had a financial incentive to leak something.
Conspiracy theory time: Facebook did it on purpose, they sold the into/data and then make it seem like an "hack" or leak. Its 2020 how can any billion dollar company not know to have their passwords encrypted and not in plain text, an major tech company as well.
These recent Facebook/IG things weren't them storing the passwords themselves in plain text. Rather their internal server logging not masking passwords. Something that is very easy to do if you've been doing some work where you were logging that information for debugging purposes and either forgot to take it out, or logged it at a level that the production environment would also print it out.
Software developers aren't infallible and fuck ups like this happen a lot more often than you'd hope. Something innocuous looking like a debugging log line could has passed peer review if the reviewer also dropped the ball and didn't realise it would be logging in the production environment too.
Assume incompetence before malice.
I wondered why my Instagram had been logged into from New York :/
It's probably because you've been using the same passwords across services that have had leaks. Since Instagram's passwords didn't get leaked.
Sorry, you need to Log In to post a reply to this thread.