News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed

    Home Forums AskWoody blog Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed

    Viewing 11 reply threads
    • Author
      Posts
      • #549495 Reply
        woody
        Da Boss

        Talk about Friday night news dumps… Iain Thomson, writing for The Reg, wasn’t distracted by today’s news. Previously, Facebook said that “tens of th
        [See the full post at: Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed]

        5 users thanked author for this post.
      • #549753 Reply
        GreatAndPowerfulTech
        AskWoody Plus

        No one should be surprised that Facebook, which has had a culture of disdain for users since day one, lies on an ongoing basis. The only hope is to clean house of Zuckerberg’s team, and establish a new board and management team that can efficiently and effectively run a business while also being ethical.

        GreatAndPowerfulTech

        4 users thanked author for this post.
        • #550274 Reply
          anonymous
          Guest

          Finding ethical people to be on that board might be difficult, maybe the EFF folks could be better? Also when we hear of data breaches or foolishness regarding passwords, everybody should assume their account is compromised and change the password for the service.

      • #549946 Reply
        Seff
        AskWoody Plus

        If you just work from the premise that there’s no such thing as privacy on the internet then you probably won’t go far wrong.

        Then again, most if not all of the bad things about the internet would disappear overnight if anonymity was totally removed and people accepted as much responsibility for their actions on the internet as they used to have to do for their actions in previous mediums!

        2 users thanked author for this post.
        • #552218 Reply
          anonymous
          Guest

          What does this have to do with Facebook’s foolishness?

          • #553680 Reply
            Bluetrix
            AskWoody MVP

            What does this have to do with Facebook’s foolishness?

            I could ‘splain Lucy, but it would have to be in the Rants Forum.

            3 users thanked author for this post.
            • #555838 Reply
              anonymous
              Guest

              Facebook’s internal data mismanagement has no relation to end users exhibiting terrible behavior.

      • #551520 Reply
        anonymous
        Guest

        Similar to Seff’s observation on illusion of privacy. Each time I read some small portion of a group was exposed, my first question is what made them special among the global list?

        I simply assume there was nothing that made the few thousand different from the millions. That all the millions were handled exactly the same way. And that the initial announcement is to break the ice with a minimizing statement. The goal is to defray the expected outrage with a two stage or more press release. I have rarely been disappointed by using this assumption, and following logic.

        Why would they have more than one method for handling user information? I conclude all were handled the same, and all were exposed to the same degree.

        2 users thanked author for this post.
      • #556165 Reply
        OscarCP
        AskWoody Plus

        This is a real “there ought to be a law” moment, and one could add: “and not too soon!”.

        Because, yes, this is bad, and it just keeps getting worse:

        https://www.theguardian.com/technology/2019/apr/18/instagram-facebook-password-lapse-privacy-breach-data-exposed-

        Here in the USA we don’t have much by way of relevant and effective legal protections for things like this, but there was a law introduced recently in Congress (in the Senate, I seem to remember) that, I believe, again if I remember correctly, was introduced and sponsored by members from both parties: Republicans and Democrats. Anybody knows how that is going?

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        3 users thanked author for this post.
        • #558303 Reply
          Bluetrix
          AskWoody MVP

          Here in the USA we don’t have much by way of relevant and effective legal protections for things like this, but there was a law introduced recently in Congress (in the Senate, I seem to remember) that, I believe, again if I remember correctly, was introduced and sponsored by members from both parties: Republicans and Democrats. Anybody knows how that is going?

          I’m guessing you refer to the Data Care Act. It’s most likely buried in some subcommittee.

          While some support it, push back on overreaching is bantered about. From what I read about it the concern was related to ISP’s and OSP’s data collection, selling and sharing personal information. Not sure if that would relate to FB, they aren’t either.

          Small read here: https://www.law.com/nationallawjournal/2019/01/25/why-the-data-care-act-matters/?slreturn=20190318203537

          2 users thanked author for this post.
          • #559212 Reply
            Bluetrix
            AskWoody MVP

            The bill defines “online service providers” broadly to include any entity that “is engaged in interstate commerce over the internet or any other digital network” and “collects individual identifying data about end users.”

            I stand corrected on my ISP/OSP comment.

            2 users thanked author for this post.
      • #557053 Reply
        Nathan Parker
        AskWoody_MVP

        I also read about it here:

        https://www.macrumors.com/2019/04/18/millions-of-instagram-passwords-plain-text/

        And that’s not the only Facebook “security and privacy issue du jour” today:

        https://www.macrumors.com/2019/04/18/facebook-scraped-email-contacts-of-users/

        Nathan Parker

        3 users thanked author for this post.
      • #558136 Reply
        OscarCP
        AskWoody Plus

        And, as I think willygirl already has pointed out elsewhere at Woody’s, even if one is not in one of these (anti)social networks (the following example is all mine) someone who is might have already published pictures of you — with your name and place of residence in the caption — having a terrific time with a great-looking lady (unfortunately, as it later transpired, not your lady wife) when they (the ones who took and then posted the picture) were with you and such a delightful companion (to whom they thought you were lawfully wedded) having a lovely time at the annual local Lions’ Club barbecue.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        2 users thanked author for this post.
        • #558506 Reply
          Bluetrix
          AskWoody MVP

          annual local Lions’ Club barbecue.

          I’ll have you know we have them more often that that, but a pancake breakfast is more likely.

          😀

          2 users thanked author for this post.
          • #558764 Reply
            OscarCP
            AskWoody Plus

            Hmmm… Are you also counting in as “barbecues” the rubber-chicken events? I wouldn’t dare take any lady, regardless of marital status, to one such event.

            Now, to a “pancake breakfast”… well, there is an idea!

            Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • #562886 Reply
        OscarCP
        AskWoody Plus

        And, not to repeat myself but, well, it can’t b helped: This just keeps getting worse and worse.

        https://www.theverge.com/2019/4/18/18485599/facebook-instagram-passwords-plain-text-millions-users

        Today’s update just expands the scope of the security lapse. Facebook has had a particularly bad year when it comes to security issues — Cambridge Analytica, a giant hack, another hack — and this news comes the same day that we found out Facebook had been accessing and storing some users’ email contacts without their permission, after encouraging users to hand over their email address passwords. Facebook says it’ll be contacting all the people whose Instagram passwords were improperly stored.

        “Encouraging users to hand over their email address [account] password”. Isn’t that something?

        But not even original: Linkedin, the CV-showing place and professional connections network also asks (or used to ask) for one’s email account password.

        I was once in the process of registering and creating an account there, at the invitation of a colleague. When I was doing that, this request for providing them with my email account password came to my attention. Immediately I click off the Web page of Linkedin where one registers as a new member. When later I got an email from Linkedin telling me my registration had to be completed, I answered that I did not want to register, because of their asking me to reveal my email account password in order to let me register. End of story.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        • #599905 Reply
          The Surfing Pensioner
          AskWoody Plus

          ?? LinkedIn has never asked me for my password! I also have a Facebook account, which causes me no concern whatsoever. It is public and I make absolutely certain nothing gets posted there that I should not want the world to see. I normally log on a couple of times a year to update my profile picture and say, Hi, fans, I’m still alive! After all, it’s meant to be a billboard, isn’t it? Treat it like one and you haven’t got a problem.

      • #564715 Reply
        Nathan Parker
        AskWoody_MVP

        We need a new column “Facebook Security and Privacy Issue Du Jour” we can run every day since it seems a new issue (or more than one issue) occurs every day.

        Nathan Parker

      • #584267 Reply
        MrJimPhelps
        AskWoody_MVP

        I suggest that people not use the same password for FB, Instagram, etc., that they use for other things. If you had a separate social media password, then the only thing that would have been exposed here would have been your social media password.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        • #584341 Reply
          PKCano
          Da Boss

          And all the information in that account……

        • #590917 Reply
          AlexEiffel
          AskWoody_MVP

          I agree.

          Good security practices recommend that you never reuse a password anywhere.

          Even the security questions should not be reused and they should not contain personal unchangeable data.

          And 2FA should be used where possible, with a token or the equivalent app, but no SMS.

          • #594389 Reply
            OscarCP
            AskWoody Plus

            Alex Eiffel: ” Good security practices recommend that you never reuse a password anywhere. “

            Quite true, always a wise thing to do, but probably not enough, in this case. Some bad actors getting one’s password from the FB break-in (or some bad FB employee) can do a lot of harm by browsing one’s personal information there, even if those bad actors are unable to access other accounts elsewhere.

            Especially if they also got from a user the email account password, as already mentioned. What has not been mentioned is exactly how that would create a most dire risk to that user, something I think needs to be spelled out very clearly, as not everybody may realize just how bad a risk this can be. I hope others may be able to offer further information on this particular. It could be of real service to some loungers.

            Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • #588049 Reply
        madhatter
        AskWoody Lounger

        Facebook should go the way of the dinosaurs:  extinct

      • #654241 Reply
        Steve
        AskWoody Plus

        OscarCP wrote: annual local Lions’ Club barbecue.

        I’ll have you know we have them more often that that, but a pancake breakfast is more likely.

        {Henry McGee to Fred Scuttle (Benny Hill) And what is your main function?

        “Oh. Well, our main function is our annual dinner dance, which we hold twice a year.” ;)}

        Every day, another report comes across that makes me glad I never surrendered to the lure of F**ebook and Ins**gram. People, this is how you will be compromised. Not via some ransomware or DDoS attack. Get off there NOW. {There would be an emoji here – but I can’t find it rapidly enough – so I’ll try these.} ❗ 😯 X-)

        Important links you can use, without all the fluff or sales pitch = https://v.gd/sdr28
    Viewing 11 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.