• Darkassassin07@lemmy.ca
    link
    fedilink
    English
    arrow-up
    45
    ·
    3 months ago

    Considering how old Facebook is, you’d think they would have their shit together when it comes to password security…

    • leisesprecher@feddit.org
      link
      fedilink
      English
      arrow-up
      51
      arrow-down
      2
      ·
      3 months ago

      Facebook is huge and has very diverse teams/departments. It’s absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.

      The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        5
        ·
        edit-2
        3 months ago

        The difference is even this pittance of a fine wouldn’t happen in a planned economy - it would be like the planners fining themselves.

        What we’re seeing here is a result of the amoral “beastly” types concentrating power. What you’re suggesting is to intentionally concentrate that power from the start.

        Facebook is a great example of democracy - the billions of people using it have effectively (in their voluntary ignorance) voted for it to be like this. These are the same people who would vote for policies in a pure democracy.

        And you’re ignoring what happens in the SMB space, where people aren’t part of the corrupt circle.

        You’re welcome to start a small community anywhere in the US with a planned economy, as proof of concept.

        You could call it… A commune, to indicate its goals.

    • ramble81@lemm.ee
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      3 months ago

      Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:

      As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,

      which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.

    • Eager Eagle@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      3 months ago

      These things are the other way around. The older something is, the more likely it is to find a bunch of questionable choices, spaghetti code, and security holes.

      The questions I have surround the “since 2012” bit. FB exists since 2004, so what happened in 2012? Was it a data dump, a careless logger, system migration, or something else?

    • bolapara
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      This is almost certainly the result of accidentally letting the passwords get into the logging infrastructure.