• Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed

    #549495

    Talk about Friday night news dumps… Iain Thomson, writing for The Reg, wasn’t distracted by today’s news. Previously, Facebook said that “tens of th
    [See the full post at: Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed]

    5 users thanked author for this post.
    • #549753

      No one should be surprised that Facebook, which has had a culture of disdain for users since day one, lies on an ongoing basis. The only hope is to clean house of Zuckerberg’s team, and establish a new board and management team that can efficiently and effectively run a business while also being ethical.

      GreatAndPowerfulTech

      4 users thanked author for this post.
      • #550274

        Finding ethical people to be on that board might be difficult, maybe the EFF folks could be better? Also when we hear of data breaches or foolishness regarding passwords, everybody should assume their account is compromised and change the password for the service.

    • #549946

      If you just work from the premise that there’s no such thing as privacy on the internet then you probably won’t go far wrong.

      Then again, most if not all of the bad things about the internet would disappear overnight if anonymity was totally removed and people accepted as much responsibility for their actions on the internet as they used to have to do for their actions in previous mediums!

      2 users thanked author for this post.
      • #552218

        What does this have to do with Facebook’s foolishness?

        • #553680

          What does this have to do with Facebook’s foolishness?

          I could ‘splain Lucy, but it would have to be in the Rants Forum.

          3 users thanked author for this post.
          • #555838

            Facebook’s internal data mismanagement has no relation to end users exhibiting terrible behavior.

    • #551520

      Similar to Seff’s observation on illusion of privacy. Each time I read some small portion of a group was exposed, my first question is what made them special among the global list?

      I simply assume there was nothing that made the few thousand different from the millions. That all the millions were handled exactly the same way. And that the initial announcement is to break the ice with a minimizing statement. The goal is to defray the expected outrage with a two stage or more press release. I have rarely been disappointed by using this assumption, and following logic.

      Why would they have more than one method for handling user information? I conclude all were handled the same, and all were exposed to the same degree.

      2 users thanked author for this post.
    • #556165

      This is a real “there ought to be a law” moment, and one could add: “and not too soon!”.

      Because, yes, this is bad, and it just keeps getting worse:

      https://www.theguardian.com/technology/2019/apr/18/instagram-facebook-password-lapse-privacy-breach-data-exposed-

      Here in the USA we don’t have much by way of relevant and effective legal protections for things like this, but there was a law introduced recently in Congress (in the Senate, I seem to remember) that, I believe, again if I remember correctly, was introduced and sponsored by members from both parties: Republicans and Democrats. Anybody know how that is going?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      3 users thanked author for this post.
      • #558303

        Here in the USA we don’t have much by way of relevant and effective legal protections for things like this, but there was a law introduced recently in Congress (in the Senate, I seem to remember) that, I believe, again if I remember correctly, was introduced and sponsored by members from both parties: Republicans and Democrats. Anybody know how that is going?

        I’m guessing you refer to the Data Care Act. It’s most likely buried in some subcommittee.

        While some support it, push back on overreaching is bantered about. From what I read about it the concern was related to ISP’s and OSP’s data collection, selling and sharing personal information. Not sure if that would relate to FB, they aren’t either.

        Small read here: https://www.law.com/nationallawjournal/2019/01/25/why-the-data-care-act-matters/?slreturn=20190318203537

        2 users thanked author for this post.
        • #559212

          The bill defines “online service providers” broadly to include any entity that “is engaged in interstate commerce over the internet or any other digital network” and “collects individual identifying data about end users.”

          I stand corrected on my ISP/OSP comment.

          2 users thanked author for this post.
    • #557053

      I also read about it here:

      https://www.macrumors.com/2019/04/18/millions-of-instagram-passwords-plain-text/

      And that’s not the only Facebook “security and privacy issue du jour” today:

      https://www.macrumors.com/2019/04/18/facebook-scraped-email-contacts-of-users/

      Nathan Parker

      3 users thanked author for this post.
    • #558136

      And, as I think willygirl already has pointed out elsewhere at Woody’s, even if one is not in one of these (anti)social networks (the following example is all mine) someone who is might have already published pictures of you — with your name and place of residence in the caption — having a terrific time with a great-looking lady (unfortunately, as it later transpired, not your lady wife) when they (the ones who took and then posted the picture) were with you and such a delightful companion (to whom they thought you were lawfully wedded) having a lovely time at the annual local Lions’ Club barbecue.

      2 users thanked author for this post.
      • #558506

        annual local Lions’ Club barbecue.

        I’ll have you know we have them more often than that, but a pancake breakfast is more likely.

        😀

        2 users thanked author for this post.
        • #558764

          Hmmm… Are you also counting in as “barbecues” the rubber-chicken events? I wouldn’t dare take any lady, regardless of marital status, to one such event.

          Now, to a “pancake breakfast”… well, there is an idea!

    • #562886

      And, not to repeat myself but, well, it can’t be helped: This just keeps getting worse and worse.

      https://www.theverge.com/2019/4/18/18485599/facebook-instagram-passwords-plain-text-millions-users

      Today’s update just expands the scope of the security lapse. Facebook has had a particularly bad year when it comes to security issues — Cambridge Analytica, a giant hack, another hack — and this news comes the same day that we found out Facebook had been accessing and storing some users’ email contacts without their permission, after encouraging users to hand over their email address passwords. Facebook says it’ll be contacting all the people whose Instagram passwords were improperly stored.

      “Encouraging users to hand over their email address [account] password”. Isn’t that something?

      But not even original: LinkedIn, the CV-showing place and professional connections network also asks (or used to ask) for one’s email account password.

      I was once in the process of registering and creating an account there, at the invitation of a colleague. When I was doing that, this request for providing them with my email account password came to my attention. Immediately I clicked off the Web page of LinkedIn where one registers as a new member. When later I got an email from LinkedIn telling me my registration had to be completed, I answered that I did not want to register, because of their asking me to reveal my email account password in order to let me register. End of story.

      • #599905

        ?? LinkedIn has never asked me for my password! I also have a Facebook account, which causes me no concern whatsoever. It is public and I make absolutely certain nothing gets posted there that I should not want the world to see. I normally log on a couple of times a year to update my profile picture and say, Hi, fans, I’m still alive! After all, it’s meant to be a billboard, isn’t it? Treat it like one and you haven’t got a problem.

    • #564715

      We need a new column “Facebook Security and Privacy Issue Du Jour” we can run every day since it seems a new issue (or more than one issue) occurs every day.

      Nathan Parker

    • #584267

      I suggest that people not use the same password for FB, Instagram, etc., that they use for other things. If you had a separate social media password, then the only thing that would have been exposed here would have been your social media password.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      • #584341

        And all the information in that account……

      • #590917

        I agree.

        Good security practices recommend that you never reuse a password anywhere.

        Even the security questions should not be reused and they should not contain personal unchangeable data.

        And 2FA should be used where possible, with a token or the equivalent app, but no SMS.

        • #594389

          Alex Eiffel: “Good security practices recommend that you never reuse a password anywhere.”

          Quite true, always a wise thing to do, but probably not enough, in this case. Some bad actors getting one’s password from the FB break-in (or some bad FB employee) can do a lot of harm by browsing one’s personal information there, even if those bad actors are unable to access other accounts elsewhere.

          Especially if they also got from a user the email account password, as already mentioned. What has not been mentioned is exactly how that would create a most dire risk to that user, something I think needs to be spelled out very clearly, as not everybody may realize just how bad a risk this can be. I hope others may be able to offer further information on this particular. It could be of real service to some loungers.

    • #588049

      Facebook should go the way of the dinosaurs: extinct

    • #654241

      OscarCP wrote: annual local Lions’ Club barbecue.

      I’ll have you know we have them more often than that, but a pancake breakfast is more likely.

      {Henry McGee to Fred Scuttle (Benny Hill) And what is your main function?

      “Oh. Well, our main function is our annual dinner dance, which we hold twice a year.” ;)}

      Every day, another report comes across that makes me glad I never surrendered to the lure of F**ebook and Ins**gram. People, this is how you will be compromised. Not via some ransomware or DDoS attack. Get off there NOW. {There would be an emoji here – but I can’t find it rapidly enough – so I’ll try these.} ❗ 😯 X-)

      Important links you can use, without the monetization pitch = https://pqrs-ltd.xyz/bookmark4.html