- People tend to use the same password more than one place
- Facebook stored the passwords of users in plain text, discoverable at least by Facebook employees, since 2012
Culture eats strategy for breakfast.
But, in the case of Facebook culture and strategy aligns perfectly; they are that you as a user should not have any privacy.
Leave Facebook / Facebook Lite / Instragram.
From Brian Krebs:
My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.
“The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds” of affected users, the source said. “Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse.”
From Facebook, in light over that quote:
To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.