Hacker News

jmyeet, yesterday at 4:22 PM

One thing I'm curious about is I hear stories about people getting hacked and losing their FB/IG/TikTok accounts then fighting to get them back. You never hear details but I can only assume they're reusing passwords or they're using guessable passwords. For reference, anything 10 characters or less has to be viewed as guessable in this day and age.

I've long viewed password managers as mandatory. Every site gets its own 20+ character randomly generated password. I don't care if the hash gets leaked. It's not getting cracked. For years this has been 1Password. Initially it was LastPass but 1Password is just more slick.

The annoyance is all the arbitrary rules sites create about you have to use special characters or you can't or they have different, non-overlapping requirements on password length or the absolute worst is forced password rotation.

I don't generally try and get non-tech friends and family to use password managers however because it's still kinda clunky to use and generate. Passkeys are kinda better I guess? But they're far from universal and I don't expect them ever to be.

Anyway, this kind of leak from Meta kinda surprises me. Leaking information that ties a physical address to an email address? That's a massive breach and not normally one you expect from a company employing thousands of engineers.

I will say this: IG operates as its own domain within Meta and AFAIK they still use a completely separate code base in Python/Django. Facebook proper is in Hack (almost entirely) and has excellent tooling and systems to detect weak endpoints and PII leaks of this sort such that leaky endpoints (or however this information leaked; I didn't see any details in the article) really just don't happen.

This has long been a point of friction within Meta engineering. It's defensible to say it's not worth rewriting but IG are constantly playing catch up with what the rest of the company gets for "free". How many billion+ dollar settlements does it take before this equation changes?

And yes I believe that leaking physical addresses is going to cost the company more than a billion dollars. It may get people killed. That's how serious this is.