Meta pays the price for storing passwords in plaintext

kleinsch · 2024-09-28T03:42:51 1727494971

Author of this article learned a lot about password hashing, missed the detail that this was in logs, not the database. Usually you try to avoid logging passwords, you don’t hash them in logs.

appendix-rock · 2024-09-28T08:36:08 1727512568

Yup. A bunch of coverage is understating this point, and the peanut gallery commenters are taking it hook, line, and sinker. Accidentally logging plaintext passwords, whilst concerningly incompetent, is not on the same level as explicitly deciding to store plaintext passwords.

mozzieman · 2024-09-28T06:16:25 1727504185

Most companies have this problem, devs logging credentials all the time. Many web frameworks have a log all then blacklist mentality which leads to soo many mistakes. ex ruby on rails etc.

ChrisArchitect · 2024-09-28T04:41:51 1727498511

[dupe]

Discussion: https://news.ycombinator.com/item?id=41669912

zoklet-enjoyer · 2024-09-28T03:32:24 1727494344

The fine is too low for a company of this size.

deafpolygon · 2024-09-28T06:01:36 1727503296

91m is a drop in the bucket for Meta. Jesus.