Meta pays the price for storing passwords in plaintext

23 points, posted 13 hours ago
by furcyd

7 Comments

user

11 hours ago

[deleted]

maxandrew

8 hours ago

No way this was accidental. You'd fail an interview for suggesting something like this.

nerdix

7 hours ago

Sounds like they logged passwords in plaintext. I seriously doubt that was done intentionally.

I think every developer has some idea how this could have happened.

Someone is working on a bug. "I'll print this state out to console and remove before committing." Forgets to remove it and does git add *. It's overlooked in code review and is then pushed to prod. Once running, the stdout of the process is automatically shipped to some log database. And just like that, there are now passwords in plaintext in the log database.

Sloppy as hell? Sure. Malicious? Highly unlikely.

KeepFlying

2 hours ago

My favorite is "I'll log out the state of this object, it's all okay for privacy because I've checked every field and gotten the privacy reviews to prove it" then a few months later someone adds a new field to the object not realizing it's logged by a lower layer to a table no one remembers exists....

Then a month later someone queries that table and....oh shit.
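The two failure modes described in the comments above (a leftover debug print that ships a plaintext password to the log sink, and a scrubber built on a denylist of field names that silently misses a field added months later) can be shown side by side in a small Python example. This is an added illustration, not code from the thread or from Meta; the `SENSITIVE_KEYS` list, the `User` class, the field names and the `login state` message are all constructed for the example.

```python
import io
import logging
from typing import Any, Mapping

# Denylist of field names whose values must never reach a log sink.
# Constructed for this example; a real project maintains its own list,
# and the point below is that any such list is incomplete by construction.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "secret", "token", "authorization"}
REDACTED = "[REDACTED]"


def redact(obj: Any) -> Any:
    """Recursively replace values of denylisted keys in dicts/lists.

    A new field with an unlisted name (e.g. a later-added backup code)
    passes through untouched; that is the denylist's blind spot.
    """
    if isinstance(obj, Mapping):
        return {
            k: (REDACTED if str(k).lower() in SENSITIVE_KEYS else redact(v))
            for k, v in obj.items()
        }
    if isinstance(obj, (list, tuple)):
        return type(obj)(redact(v) for v in obj)
    return obj


class RedactingFilter(logging.Filter):
    """Scrub structured args on every record before any handler formats it.

    Attached at the logger (not the handler) so it runs even for handlers
    added later, such as the log shipper nobody remembers exists.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        # LogRecord collapses a single mapping argument into record.args itself,
        # so both shapes have to be handled.
        if isinstance(record.args, Mapping):
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True


def capture_debug_line(state: Mapping) -> str:
    """Emit the 'print this state to console' debug line through the filter
    and return what the sink would have received."""
    logger = logging.getLogger("example.redact")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    logger.debug("login state: %s", state)  # the forgotten debug statement
    handler.flush()
    return buf.getvalue().strip()


# Allowlist alternative: the object decides what it exposes to logs, so a field
# added later is silent by default instead of leaking by default.
LOGGABLE_USER_FIELDS = ("id", "username")


class User:
    """Constructed model; **extra stands in for fields bolted on months later."""

    def __init__(self, id: int, username: str, password: str, **extra: Any) -> None:
        self.id = id
        self.username = username
        self.password = password
        self.__dict__.update(extra)

    def to_log(self) -> dict:
        return {k: getattr(self, k) for k in LOGGABLE_USER_FIELDS if hasattr(self, k)}


if __name__ == "__main__":
    print(capture_debug_line({"user": "alice", "password": "hunter2"}))
    # Denylist blind spot: the new field name is not in SENSITIVE_KEYS.
    print(redact({"user": "alice", "mfa_backup_code": "8813-2201"}))
    # Allowlist: the same new field never reaches the log dict at all.
    print(User(7, "alice", "hunter2", mfa_backup_code="8813-2201").to_log())
```

The filter is the pragmatic backstop for the "forgot to remove the print" case, but the `redact`/`to_log` contrast is the real lesson from the second comment: a denylist has to be updated every time the schema grows, while an allowlist fails closed when someone adds a field the privacy review never saw.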

appendix-rock

8 hours ago

You’d fail an interview for doing a bunch of things that are done in orgs every day. What’s your point?