this post was submitted on 27 Sep 2024
1115 points (99.6% liked)

Technology

58711 readers
4008 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
1115
Meta fined $102 million for storing passwords in plain text (www.engadget.com)
submitted 2 weeks ago by neme@lemm.ee to c/technology@lemmy.world
101 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] Emi@ani.social 367 points 2 weeks ago (6 children)

All fines should be percentage of income instead of some arbitrary number.

[–] The_v@lemmy.world 152 points 2 weeks ago (2 children)

They also need to remove the limited liability from companies for intentional illegal activities.

illegal business practices should be charged to the people involved instead of the company. The executives who made the decision to break the law lose personal assets.

Otherwise the shitheads just pass the company losses onto the employees: no raises, hiring freezes, layoffs, reduction in benefits, etc...

[–] yuki2501@lemmy.world 78 points 2 weeks ago

Intentional? Better use Negligent. It's hard to prove intent; knowledge of something going on is much easier to prove.

[–] Vespair@lemm.ee 27 points 2 weeks ago

100%. We need more personal liability for the evils of big business, not less

[–] sunzu2@thebrainbin.org 12 points 2 weeks ago

Why would the regime ever hurt itself tho?

[–] Skymt@lemmy.world 10 points 2 weeks ago

And collected from shareholder payouts.

load more comments (3 replies)
[–] Sundial@lemm.ee 209 points 2 weeks ago (2 children)

Meta's revenue is in the tens of billions. This fine isn't even a rounding error for them. This isn't something that should be taken so lightly.

[–] Coasting0942@reddthat.com 54 points 2 weeks ago (2 children)

Have you seen IT budgets? Some vice-president of technology is going to be pissed his numbers look bad compared to his peers during their weekly numbers measuring contest.

[–] curbstickle@lemmy.dbzer0.com 23 points 2 weeks ago

Its about $2.6 billion per week in revenue, even by the weekly numbers its not an impact

(based on ~$135b in revenue for 2023, according to financial disclosure reports)

load more comments (1 replies)
[–] Fredselfish@lemmy.world 23 points 2 weeks ago

Yeah that was just a cost of business. Zuck probably pulled that from under his couch.

[–] penquin@lemm.ee 115 points 2 weeks ago (1 children)

Quick math: this is only 0.076% of their 2023's revenue. No wonder big corporations don't give a fuck about fines and will continue doing fucked up/illegal shit. This is not a fine, this is a green light, my friends.

[–] irreticent@lemmy.world 30 points 2 weeks ago

They literally just consider fines as a cost of doing business.

[–] Teal@lemm.ee 105 points 2 weeks ago (15 children)

This is like when Dr Evil asks for $1 million dollars after being unfrozen. These courts need to get with the times.

[–] WhatYouNeed@lemmy.world 63 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Should be like GDPR fines: 4% of your annual global revenue.

Edit: just read "It has so far fined Meta a total of 2.5 billion euros for breaches under the bloc's General Data Protection Regulation's (GDPR), introduced in 2018, including a record 1.2 billion euro fine in 2023 that Meta is appealing"

Wow, Meta really likes donating to the EU

load more comments (1 replies)
load more comments (14 replies)
[–] anzo@programming.dev 86 points 2 weeks ago (1 children)

They still store the passwords like that? I remember that quote of Zuckerberg doing so, in the early days, and boasting about it to a friend... This was so outrageous at the time. Now it's beyond absurdity.. Not to mention the fine is so small!

[–] AA5B@lemmy.world 33 points 2 weeks ago (7 children)

Not to excuse them, but this is from 2019. Yes, that behavior was so outrageous at the time, but hopefully it is no longer happening

[–] Blackmist@feddit.uk 39 points 2 weeks ago (3 children)

I remember my bank used to ask me for the 2nd, 5th and 7th letters of my password from time to time.

There's only one realistic way they can know those to ask me.

They haven't asked me that for a while now, so I can only hope they encrypted them properly at some point.

[–] andrew_bidlaw@sh.itjust.works 13 points 2 weeks ago

And you can imagine someone thinking it's super clever and secure.

[–] silentdon@lemmy.world 9 points 2 weeks ago

I once called my bank because I had trouble logging in. They didn't outright say it but they implied that they could see my password and asked if I wanted to update it by telling them the new one. I said no.

[–] dan@upvote.au 23 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Also, nobody reads the actual posts, just the headlines. They were accidentally stored in logs:

As part of a security review in 2019, we found that a subset of FB users' passwords were temporarily logged in a readable format within our internal data systems,

which is something I've seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.

load more comments (2 replies)
[–] obinice@lemmy.world 9 points 2 weeks ago

2019 isn't some ancient far away time though, it's just a few years ago. If Facebook were doing stuff like this then, think who else is still doing it.

load more comments (4 replies)
[–] ocassionallyaduck@lemmy.world 65 points 2 weeks ago

Jesus, why not fine them 5 bucks?

What a joke.

[–] octopus_ink@lemmy.ml 59 points 2 weeks ago* (last edited 2 weeks ago) (18 children)

Meta: The company whose products you use when you absolutely, positively, don't give a shit that they are the worst example of the worst nightmare of a consumer-hostile, privacy-invading, you-are-the-product, tech company. Yes, even worse than Microsoft.

load more comments (18 replies)
[–] Laristal@lemmy.dbzer0.com 53 points 2 weeks ago (1 children)

And these are the people who demand id to get back into your account if they find activity they deem suspicious.

[–] jayandp@sh.itjust.works 14 points 2 weeks ago (1 children)

Yep, had basically a throw away account for the occasional thing that basically required a Facebook account, and then I guess because I never posted anything they locked my account and demanded ID. Hell no.

load more comments (1 replies)
[–] Darkassassin07@lemmy.ca 47 points 2 weeks ago (9 children)

Considering how old Facebook is, you'd think they would have their shit together when it comes to password security...

[–] leisesprecher@feddit.org 51 points 2 weeks ago (7 children)

Facebook is huge and has very diverse teams/departments. It's absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.

The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.

[–] ObviouslyNotBanana@lemmy.world 21 points 2 weeks ago* (last edited 2 weeks ago)

Of not more. At least government gives some amount of insight and a chain of responsibility. Corporations are opaque and responsibility ends in an understaffed, underpaid "support" line.

load more comments (6 replies)
[–] ramble81@lemm.ee 11 points 2 weeks ago (2 children)

Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.

[–] magic_smoke@links.hackliberty.org 15 points 2 weeks ago* (last edited 2 weeks ago)

Password hashing has been standard practice far longer than Facebook has existed. Even by 2004's awful, 'archaic' standards.

load more comments (1 replies)
load more comments (7 replies)
[–] cmnybo@discuss.tchncs.de 36 points 2 weeks ago

This is why you never reuse passwords. Usually there's no way to tell if a site is storing them in plain text until there's a data breach.

[–] m3t00@lemmy.world 29 points 2 weeks ago

17 cents apiece

[–] FJW@discuss.tchncs.de 26 points 2 weeks ago

That “m” should be a “b”. For a company that size, there is truly no excuse!

[–] oo1@lemmings.world 26 points 2 weeks ago (1 children)

I hope i dont get fined for

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

[–] FiskFisk33@startrek.website 24 points 2 weeks ago (1 children)

nah, sha-256 is fine, though you should pick something stronger than "password"

[–] oo1@lemmings.world 10 points 2 weeks ago (1 children)

Don't worry I don't use that for my internet bank: 19513FDC9DA4FB72A4A05EB66917548D3C90FF94D5419E1F2363EEA89DFEE1DD

[–] FiskFisk33@startrek.website 12 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

well, "Password1" is slightly better, I'll make sure not to tell anyone.

load more comments (1 replies)
[–] shortwavesurfer@lemmy.zip 19 points 2 weeks ago* (last edited 2 weeks ago)

Glad I deleted mine in 2018 and use a password manager (KeepassDX). Only socials I have are Lemmy, Mastodon (rarely used), and Nostr. If it aint FOSS I avoid if at all possible.

[–] Yuki@kutsuya.dev 12 points 2 weeks ago

Something like this should be like 15% of last year's revenue.

[–] Cadeillac@lemmy.world 8 points 2 weeks ago

Hold on, let me dig around for my surprised face

load more comments
view more: next ›