Facebook Acknowledges Millions More Passwords Stored in Plain Text, and Contacts Uploaded Without Consent ⇥ recode.net

Kurt Wagner, Recode:

Facebook first announced late last month that it had stored hundreds of millions of user passwords unencrypted on its servers, a massive security problem. At the time, it said that “tens of thousands” of Instagram passwords were also stored in this way.

On Thursday morning, Facebook updated its blog to say that, actually, “millions” of Instagram users, not “tens of thousands,” were impacted.

That’s real bad, but that’s not all, because it never is with Facebook. Remember how they were asking some users for their email account passwords just two weeks ago?

Rob Price, Business Insider:

Since May 2016, the social-networking company has collected the contact lists of 1.5 million users new to the social network, Business Insider can reveal. The Silicon Valley company said the contact data was “unintentionally uploaded to Facebook,” and it is now deleting them.

The revelation comes after pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities, a move widely condemned by security experts. Business Insider then discovered that if you entered your email password, a message popped up saying it was “importing” your contacts without asking for permission first.

At the time, it wasn’t clear what was happening — but on Wednesday, Facebook disclosed to Business Insider that 1.5 million people’s contacts were collected this way and fed into Facebook’s systems, where they were used to improve Facebook’s ad targeting, build Facebook’s web of social connections, and recommend friends to add.

Are they evil? Is their internal culture and sense of corporate ethics corrupt? Are they merely criminally inept?

Whatever the case, it doesn’t seem to have spooked Facebook’s shareholders. The company’s stock has climbed pretty steadily since the beginning of the year, and it’s at about the same price as this time last year. And, even though Facebook — the website and app — has been losing users, Facebook — the company — has insulated themselves by acquiring apparent alternatives. There are simply few automatic consequences for their repeated, brazen, and systemic breaches of trust.