Hacker News new | ask | show | jobs
by ceejayoz 2625 days ago
> Which other large company store plain text passwords?

That's not really what Facebook is saying they did. They accidentally logged passwords to a log file somewhere. They're not saying they stored them in the users database in plain text.
1 comments
OrgNet 2625 days ago
Right, but it has the same end result.

Also, I guess they don't look at their log files? The passwords were there in clear text for 7 years apparently: https://techcrunch.com/2019/03/21/facebook-plaintext-passwor...

link
ceejayoz 2625 days ago
> Right, but it has the same end result.

Irrelevant. The point was that "we accidentally logged something sensitive" is something any big tech company can (and is likely to) do. Deliberately storing passwords as plaintext in the users table much less so.

> Also, I guess they don't look at their log files?

If they were temporarily logging something for a particular reason, and forgot to turn it off, there'd be no reason to.

link