Thread by Robᵇᵉᵗᵒ Graham, 6 tweets, 1 min read
1/ It's important to note in this "Facebook plain-text password" story that the passwords are being stored with salted scrypt hashes; that's not the issue. Instead, the issue is inadvertent logging of web requests -- which happen to contain clear-text passwords.
2/ The analogy is that Facebook has all the proper locks on the doors -- but somebody left the window open.
3/ It's a common problem that all companies have. It should be one of the first things you audit in your security architecture. Don't simply verify passwords are hashed, also verify with the web team that they don't get logged along with all the other web input.
4/ In addition, look at error logging. You may have properly stripped it from normal web requests, but forgot about stripping it from error messages, which still results in millions of plain text passwords being logged.
5/ It would be wrong to think Facebook is unusually bad here because it made this mistake. Most organizations have made, or are currently making, this mistake. Facebook is unusually good in that they own up to it.**
6/ ** Though that's probably due to GDPR that Facebook both discovered this and has owned up to it. It's one of the things GDPR auditors look for nowadays. So it's unusual in the U.S., though I'm not sure it's so unusual in Europe.
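The audit the thread recommends in 3/ and 4/ has two halves: make sure the code that writes access and error logs redacts credential fields before the line is emitted, and scan the logs you already have for credentials that slipped through. The following is an added example, not code from the thread's author or from Facebook; it assumes a generic web application whose access log and error log are built from the request method, path, content type and body. The field list, the sample requests and the sample log lines are constructed for the example.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, unquote

# Field names treated as secrets (assumed list; extend it for your application).
SENSITIVE_FIELDS = {"password", "passwd", "new_password", "old_password",
                    "confirm_password", "token", "secret", "authorization"}
REDACTED = "[REDACTED]"


def redact(value):
    """Recursively replace the value of any sensitive key in dicts/lists."""
    if isinstance(value, dict):
        return {k: (REDACTED if k.lower() in SENSITIVE_FIELDS else redact(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def redact_body(content_type, body):
    """Redact a request body before it reaches any log line.

    Form-encoded and JSON bodies are parsed and scrubbed; any other format is
    replaced with a placeholder rather than logged raw, because a body that
    cannot be parsed cannot be scrubbed safely either.
    """
    if content_type.startswith("application/x-www-form-urlencoded"):
        fields = dict(parse_qsl(body, keep_blank_values=True))
        return urlencode(redact(fields))
    if content_type.startswith("application/json"):
        try:
            data = json.loads(body)
        except ValueError:
            return "[unparseable JSON body omitted]"
        return json.dumps(redact(data), sort_keys=True)
    return "[body omitted: %s]" % content_type


def access_log_entry(method, path, content_type, body):
    """The access-log line: the request is logged only after redaction."""
    return "%s %s body=%s" % (method, path, redact_body(content_type, body))


# Detector for credentials that already reached a log: matches key=value and
# "key": "value" forms; longest names first so "password" is not cut to "pass".
_NAMES = "|".join(sorted(SENSITIVE_FIELDS, key=len, reverse=True))
SECRET_PATTERN = re.compile(
    r'(?i)\b(' + _NAMES + r')\b["\']?\s*[=:]\s*["\']?([^&"\'\s,}]+)')


def find_leaked_secrets(log_lines):
    """Return (1-based line number, field name) for every unredacted secret."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for m in SECRET_PATTERN.finditer(line):
            if unquote(m.group(2)) != REDACTED:   # %5BREDACTED%5D is fine
                hits.append((lineno, m.group(1).lower()))
    return hits


def error_log_entry(exc, method, path, content_type, body):
    """The error-log line for an unhandled exception (the case in tweet 4/).

    The request goes through the same redaction as the access log, and the
    exception text itself is checked as a last resort, since a library error
    message may quote the offending input verbatim.
    """
    line = "ERROR %s: %s while handling %s %s body=%s" % (
        type(exc).__name__, exc, method, path, redact_body(content_type, body))
    if find_leaked_secrets([line]):
        line = "ERROR %s: [message withheld: contained a secret-like field] while handling %s %s" % (
            type(exc).__name__, method, path)
    return line


# Constructed log lines standing in for an existing log file under audit.
SAMPLE_LOG_LINES = [
    'POST /login body=username=alice&password=hunter2',
    'POST /login body=username=alice&password=%5BREDACTED%5D',
    'ERROR unhandled exception: {"email": "a@b.example", "password": "hunter2"}',
    'GET /home 200',
]

if __name__ == "__main__":
    print(access_log_entry("POST", "/login", "application/x-www-form-urlencoded",
                           "username=alice&password=hunter2"))
    print(error_log_entry(ValueError("bad value password=hunter2"), "POST", "/login",
                          "application/x-www-form-urlencoded", "username=alice&password=hunter2"))
    for lineno, field in find_leaked_secrets(SAMPLE_LOG_LINES):
        print("line %d leaks field %r" % (lineno, field))
```

Running `find_leaked_secrets` over an existing log directory is the quickest way to answer the "did anyone log it?" question from 3/; the redaction helpers show where the fix belongs, namely in the one place that formats log lines, so that a later error-handling path (4/) cannot bypass it.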