The Irish Data Protection Commission (DPC) has fined Meta €91 million for a 2019 incident wherein the company stored millions of Facebook and Instagram passwords in plain text.
They also need to remove the limited liability from companies for intentional illegal activities.
illegal business practices should be charged to the people involved instead of the company. The executives who made the decision to break the law lose personal assets.
Otherwise the shitheads just pass the company losses onto the employees: no raises, hiring freezes, layoffs, reduction in benefits, etc...
Have you seen IT budgets? Some vice-president of technology is going to be pissed his numbers look bad compared to his peers during their weekly numbers measuring contest.
Quick math: this is only 0.076% of their 2023's revenue. No wonder big corporations don't give a fuck about fines and will continue doing fucked up/illegal shit. This is not a fine, this is a green light, my friends.
Should be like GDPR fines: 4% of your annual global revenue.
Edit: just read "It has so far fined Meta a total of 2.5 billion euros for breaches under the bloc's General Data Protection Regulation's (GDPR), introduced in 2018, including a record 1.2 billion euro fine in 2023 that Meta is appealing"
They still store the passwords like that? I remember that quote of Zuckerberg doing so, in the early days, and boasting about it to a friend... This was so outrageous at the time. Now it's beyond absurdity.. Not to mention the fine is so small!
Also, nobody reads the actual posts, just the headlines. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users' passwords were temporarily logged in a readable format within our internal data systems,
which is something I've seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
2019 isn't some ancient far away time though, it's just a few years ago. If Facebook were doing stuff like this then, think who else is still doing it.
I'm sure we can just trust that it's better now. The small dent fee that falls under the category of "write-off' on Meta's budget probably really straightened up their behavior...
Meta: The company whose products you use when you absolutely, positively, don't give a shit that they are the worst example of the worst nightmare of a consumer-hostile, privacy-invading, you-are-the-product, tech company. Yes, even worse than Microsoft.
This just doesn't hold up in 2024. BMW charge you 60k for a vehicle and chuck a subscription on top. Apple, Google and Samsung charge between hundreds and thousands for their phones and advertise with their own agencies. Amazon forces paying customers to wade through bullshit products to finally buy the one they want, customers who bought prime and who didn't.
Everyone is the product even if you pay. Stop saying this please.
Yep, had basically a throw away account for the occasional thing that basically required a Facebook account, and then I guess because I never posted anything they locked my account and demanded ID. Hell no.
Facebook is huge and has very diverse teams/departments. It's absolutely possible the guys who know what security is, and the guys who build app xyz are in different departments, countries, continents.
The capitalists want us to believe otherwise, but large corporations are just as convoluted and inefficient as a planned economy.
Of not more. At least government gives some amount of insight and a chain of responsibility. Corporations are opaque and responsibility ends in an understaffed, underpaid "support" line.
The difference is even this pittance of a fine wouldn't happen in a planned economy - it would be like the planners fining themselves.
What we're seeing here is a result of the amoral "beastly" types concentrating power. What you're suggesting is to intentionally concentrate that power from the start.
Facebook is a great example of democracy - the billions of people using it have effectively (in their voluntary ignorance) voted for it to be like this. These are the same people who would vote for policies in a pure democracy.
And you're ignoring what happens in the SMB space, where people aren't part of the corrupt circle.
You're welcome to start a small community anywhere in the US with a planned economy, as proof of concept.
You could call it.... A commune, to indicate its goals.
Considering how old Facebook is…. They probably never bothered to upgrade the authentication system because “if it ain’t broke, don’t fix it” and it didn’t matter to their revenue.
I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:
As part of a security review in 2019, we found that a subset of FB users' passwords were temporarily logged in a readable format within our internal data systems,
which is something I've seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.
It seems like it was one of those old systems from the earlier days that somehow was overlooked. It's not great but I understand how it happens if they didn't have strong monitoring and system ownership.
These things are the other way around. The older something is, the more likely it is to find a bunch of questionable choices, spaghetti code, and security holes.
The questions I have surround the "since 2012" bit. FB exists since 2004, so what happened in 2012? Was it a data dump, a careless logger, system migration, or something else?
Glad I deleted mine in 2018 and use a password manager (KeepassDX). Only socials I have are Lemmy, Mastodon (rarely used), and Nostr. If it aint FOSS I avoid if at all possible.