"Facebook admits it stored 'hundreds of millions' of account passwords in plaintext" - says the article on Techcrunch. But how could this be possible, when even a junior developer knows that you have to encrypt the passwords in your database?
I have two ideas, but maybe there could be many more possible cases.
1) Facebook stored the passwords encrypted, but used an algorithm that can be decrypted.
2) When a user clicked on login (or possibly during the registration), before checking the password with the database, they sent it to another service in plain, that stored it.
What do you think? This issue is too huge to be a simple mistake and must have happened for a reason.
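Both ideas in the post map onto concrete code. The following is an added example written for this page (it is not from the original poster and not Facebook's code) that shows the two mechanisms side by side: a reversible "encrypted" password store versus a salted one-way hash, and a request logger that captures the password before it is ever verified versus one that redacts it. The XOR cipher is a deliberately toy construction used only to show reversibility, the PBKDF2 parameters are illustrative, and all inputs are constructed sample data.

```python
"""
Added example (not part of the original post): why "encrypting" passwords
is the wrong control, and how a login path can leak them to a log anyway.
Standard library only; every input below is constructed sample data.
"""
import hashlib
import hmac
import json
import os
import re
from typing import Any, Dict

# --- Idea 1: reversible encryption vs one-way hashing ------------------------

def xor_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy symmetric cipher (illustrative only, never use for real data).
    Keystream = SHA-256(key || block counter). It is reversible by design:
    anyone holding `key` (an ops engineer, a backup, a memory dump) can
    recover every password stored with it. That property is the problem."""
    out = bytearray()
    for i in range(0, len(plaintext), 32):
        keystream = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        chunk = plaintext[i:i + 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)

def xor_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return xor_encrypt(key, ciphertext)  # XOR with the same keystream undoes it

def hash_password(password: str, iterations: int = 600_000) -> str:
    """Salted, iterated one-way hash (PBKDF2-HMAC-SHA256 from the stdlib;
    argon2id or bcrypt would be the usual production choice).
    The stored string cannot be turned back into the password."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

# --- Idea 2: logging the request before the password is checked -------------

# Keys whose values must never reach a log line (assumed naming patterns).
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|secret|token", re.IGNORECASE)

def redact(obj: Any) -> Any:
    """Recursively replace values stored under sensitive-looking keys."""
    if isinstance(obj, dict):
        return {k: ("[REDACTED]" if SENSITIVE.search(k) else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj

def log_line_naive(body: Dict[str, Any]) -> str:
    """A debug log of the raw login request: the plaintext password goes to
    whatever system collects these lines, regardless of how it is hashed
    in the database afterwards."""
    return "login request: " + json.dumps(body)

def log_line_redacted(body: Dict[str, Any]) -> str:
    """Same log line with credential fields scrubbed before serialisation."""
    return "login request: " + json.dumps(redact(body))

if __name__ == "__main__":
    request = {"email": "user@example.com", "password": "hunter2"}  # constructed
    key = os.urandom(32)
    ct = xor_encrypt(key, b"hunter2")
    print("recoverable from 'encrypted' store:", xor_decrypt(key, ct))
    stored = hash_password("hunter2")
    print("hash verifies:", verify_password("hunter2", stored))
    print(log_line_naive(request))
    print(log_line_redacted(request))
```

The two log functions are the interesting part for idea 2: the password is lost to the log at the moment the raw request is serialised, before any database lookup or hashing happens, so the quality of the hash in the database is irrelevant to that leak.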