  • Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed


    This topic contains 23 replies, has 13 voices, and was last updated by  Steve 4 months ago.

    • #549495 Reply

      woody
      Da Boss

      Talk about Friday night news dumps… Iain Thomson, writing for The Reg, wasn’t distracted by today’s news. Previously, Facebook said that “tens of th
      [See the full post at: Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed]

      5 users thanked author for this post.
    • #549753 Reply

      GreatAndPowerfulTech
      AskWoody Lounger

      No one should be surprised that Facebook, which has had a culture of disdain for users since day one, lies on an ongoing basis. The only hope is to clean house of Zuckerberg’s team, and establish a new board and management team that can efficiently and effectively run a business while also being ethical.

      GreatAndPowerfulTech

      4 users thanked author for this post.
      • #550274 Reply

        anonymous

        Finding ethical people to be on that board might be difficult, maybe the EFF folks could be better? Also when we hear of data breaches or foolishness regarding passwords, everybody should assume their account is compromised and change the password for the service.

    • #549946 Reply

      Seff
      AskWoody Plus

      If you just work from the premise that there’s no such thing as privacy on the internet then you probably won’t go far wrong.

      Then again, most if not all of the bad things about the internet would disappear overnight if anonymity was totally removed and people accepted as much responsibility for their actions on the internet as they used to have to do for their actions in previous mediums!

      2 users thanked author for this post.
      • #552218 Reply

        anonymous

        What does this have to do with Facebook’s foolishness?

        • #553680 Reply

          Bluetrix
          AskWoody MVP

          What does this have to do with Facebook’s foolishness?

          I could ‘splain Lucy, but it would have to be in the Rants Forum.

          Windows10 Home 1809 | Mint19 on VM

          3 users thanked author for this post.
          • #555838 Reply

            anonymous

            Facebook’s internal data mismanagement has no relation to end users exhibiting terrible behavior.

    • #551520 Reply

      anonymous

      Similar to Seff’s observation on illusion of privacy. Each time I read some small portion of a group was exposed, my first question is what made them special among the global list?

      I simply assume there was nothing that made the few thousand different from the millions. That all the millions were handled exactly the same way. And that the initial announcement is to break the ice with a minimizing statement. The goal is to defray the expected outrage with a two stage or more press release. I have rarely been disappointed by using this assumption, and following logic.

      Why would they have more than one method for handling user information? I conclude all were handled the same, and all were exposed to the same degree.

      2 users thanked author for this post.
    • #556165 Reply

      OscarCP
      AskWoody Plus

      This is a real “there ought to be a law” moment, and one could add: “and not too soon!”.

      Because, yes, this is bad, and it just keeps getting worse:

      https://www.theguardian.com/technology/2019/apr/18/instagram-facebook-password-lapse-privacy-breach-data-exposed-

      Here in the USA we don’t have much by way of relevant and effective legal protections for things like this, but there was a law introduced recently in Congress (in the Senate, I seem to remember) that, I believe, again if I remember correctly, was introduced and sponsored by members from both parties: Republicans and Democrats. Anybody know how that is going?

      3 users thanked author for this post.
      • #558303 Reply

        Bluetrix
        AskWoody MVP

        Here in the USA we don’t have much by way of relevant and effective legal protections for things like this, but there was a law introduced recently in Congress (in the Senate, I seem to remember) that, I believe, again if I remember correctly, was introduced and sponsored by members from both parties: Republicans and Democrats. Anybody know how that is going?

        I’m guessing you refer to the Data Care Act. It’s most likely buried in some subcommittee.

        While some support it, push back on overreaching is bantered about. From what I read about it the concern was related to ISP’s and OSP’s data collection, selling and sharing personal information. Not sure if that would relate to FB, they aren’t either.

        Small read here: https://www.law.com/nationallawjournal/2019/01/25/why-the-data-care-act-matters/?slreturn=20190318203537

        Windows10 Home 1809 | Mint19 on VM

        2 users thanked author for this post.
        • #559212 Reply

          Bluetrix
          AskWoody MVP

          The bill defines “online service providers” broadly to include any entity that “is engaged in interstate commerce over the internet or any other digital network” and “collects individual identifying data about end users.”

          I stand corrected on my ISP/OSP comment.

          Windows10 Home 1809 | Mint19 on VM

          2 users thanked author for this post.
    • #557053 Reply

      Nathan Parker
      AskWoody_MVP

      I also read about it here:

      https://www.macrumors.com/2019/04/18/millions-of-instagram-passwords-plain-text/

      And that’s not the only Facebook “security and privacy issue du jour” today:

      https://www.macrumors.com/2019/04/18/facebook-scraped-email-contacts-of-users/

      Nathan Parker

      3 users thanked author for this post.
    • #558136 Reply

      OscarCP
      AskWoody Plus

      And, as I think willygirl already has pointed out elsewhere at Woody’s, even if one is not in one of these (anti)social networks (the following example is all mine) someone who is might have already published pictures of you — with your name and place of residence in the caption — having a terrific time with a great-looking lady (unfortunately, as it later transpired, not your lady wife) when they (the ones who took and then posted the picture) were with you and such a delightful companion (to whom they thought you were lawfully wedded) having a lovely time at the annual local Lions’ Club barbecue.

      2 users thanked author for this post.
      • #558506 Reply

        Bluetrix
        AskWoody MVP

        annual local Lions’ Club barbecue.

        I’ll have you know we have them more often than that, but a pancake breakfast is more likely.

        😀

        Windows10 Home 1809 | Mint19 on VM

        2 users thanked author for this post.
        • #558764 Reply

          OscarCP
          AskWoody Plus

          Hmmm… Are you also counting in as “barbecues” the rubber-chicken events? I wouldn’t dare take any lady, regardless of marital status, to one such event.

          Now, to a “pancake breakfast”… well, there is an idea!

    • #562886 Reply

      OscarCP
      AskWoody Plus

      And, not to repeat myself but, well, it can’t be helped: This just keeps getting worse and worse.

      https://www.theverge.com/2019/4/18/18485599/facebook-instagram-passwords-plain-text-millions-users

      Today’s update just expands the scope of the security lapse. Facebook has had a particularly bad year when it comes to security issues — Cambridge Analytica, a giant hack, another hack — and this news comes the same day that we found out Facebook had been accessing and storing some users’ email contacts without their permission, after encouraging users to hand over their email address passwords. Facebook says it’ll be contacting all the people whose Instagram passwords were improperly stored.

      “Encouraging users to hand over their email address [account] password”. Isn’t that something?

      But not even original: Linkedin, the CV-showing place and professional connections network also asks (or used to ask) for one’s email account password.

      I was once in the process of registering and creating an account there, at the invitation of a colleague. When I was doing that, this request for providing them with my email account password came to my attention. Immediately I clicked off the Web page of Linkedin where one registers as a new member. When later I got an email from Linkedin telling me my registration had to be completed, I answered that I did not want to register, because of their asking me to reveal my email account password in order to let me register. End of story.

      • #599905 Reply

        The Surfing Pensioner
        AskWoody Plus

        ?? LinkedIn has never asked me for my password! I also have a Facebook account, which causes me no concern whatsoever. It is public and I make absolutely certain nothing gets posted there that I should not want the world to see. I normally log on a couple of times a year to update my profile picture and say, Hi, fans, I’m still alive! After all, it’s meant to be a billboard, isn’t it? Treat it like one and you haven’t got a problem.

    • #564715 Reply

      Nathan Parker
      AskWoody_MVP

      We need a new column “Facebook Security and Privacy Issue Du Jour” we can run every day since it seems a new issue (or more than one issue) occurs every day.

      Nathan Parker

    • #584267 Reply

      MrJimPhelps
      AskWoody_MVP

      I suggest that people not use the same password for FB, Instagram, etc., that they use for other things. If you had a separate social media password, then the only thing that would have been exposed here would have been your social media password.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      • #584341 Reply

        PKCano
        Da Boss

        And all the information in that account……

      • #590917 Reply

        AlexEiffel
        AskWoody_MVP

        I agree.

        Good security practices recommend that you never reuse a password anywhere.

        Even the security questions should not be reused and they should not contain personal unchangeable data.

        And 2FA should be used where possible, with a token or the equivalent app, but no SMS.

        • #594389 Reply

          OscarCP
          AskWoody Plus

          Alex Eiffel: “Good security practices recommend that you never reuse a password anywhere.”

          Quite true, always a wise thing to do, but probably not enough, in this case. Some bad actors getting one’s password from the FB break-in (or some bad FB employee) can do a lot of harm by browsing one’s personal information there, even if those bad actors are unable to access other accounts elsewhere.

          Especially if they also got from a user the email account password, as already mentioned. What has not been mentioned is exactly how that would create a most dire risk to that user, something I think needs to be spelled out very clearly, as not everybody may realize just how bad a risk this can be. I hope others may be able to offer further information on this particular. It could be of real service to some loungers.

    • #588049 Reply

      madhatter
      AskWoody Plus

      Facebook should go the way of the dinosaurs: extinct

    • #654241 Reply

      Steve
      AskWoody Plus

      OscarCP wrote: annual local Lions’ Club barbecue.

      I’ll have you know we have them more often than that, but a pancake breakfast is more likely.

      {Henry McGee to Fred Scuttle (Benny Hill) And what is your main function?

      “Oh. Well, our main function is our annual dinner dance, which we hold twice a year.” ;)}

      Every day, another report comes across that makes me glad I never surrendered to the lure of F**ebook and Ins**gram. People, this is how you will be compromised. Not via some ransomware or DDoS attack. Get off there NOW. {There would be an emoji here – but I can’t find it rapidly enough – so I’ll try these.} ❗ 😯 X-)

      Important links you can use, without all the fluff or sales pitch = https://v.gd/sdr28
