[tptacek]

I don't know enough about Amazon to call bullshit on this, but I do know enough about other major tech companies to call bullshit on this.

[OrgNet]

Which other large company store plain text passwords? How long before they start trying to re-use the passwords to log in other services without your consent

[ceejayoz]

> Which other large company store plain text passwords?

That's not really what Facebook is saying they did. They accidentally logged passwords to a log file somewhere. They're not saying they stored them in the users database in plain text.

[OrgNet]

Right, but it has the same end result.

Also, I guess they don't look at their log files? The passwords were there in clear text for 7 years apparently: https://techcrunch.com/2019/03/21/facebook-plaintext-passwor...

[ceejayoz]

> Right, but it has the same end result.

Irrelevant. The point was that "we accidentally logged something sensitive" is something any big tech company can (and is likely to) do. Deliberately storing passwords as plaintext in the users table much less so.

> Also, I guess they don't look at their log files?

If they were temporarily logging something for a particular reason, and forgot to turn it off, there'd be no reason to.

[tptacek]

This is supremely silly. They logged passwords by accident. It wasn't a user acquisition feature.

[OrgNet]

No, it is silly to think that they didn't know about it... ie: for 7 years, no one looked at those passwords? They can't be that dumb...

Anyways, what other companies should we avoid, according to you (the ones that you referenced in your previous comment)?

Are you protecting your friends at Facebook, and yourself, because you know that you are likely to do the same mistake?