I'm curious to see some actual numbers. Are we talking low millions, or LinkedIn/Yahoo (hundreds of millions)? These quiet low key releases might be announcing historic numbers and we wouldn't know. https://twitter.com/KurtWagner8/status/1118926820785606657
and before alex stamos storms in here to reply to me, yes i know there's no evidence of outside access, which means you can quibble about whether or not it's breach qua breach
love you too alex
Replying to @sarahjeong
Thanks for the love, but I have no desire to quibble. It's a serious problem and one that I wish my team had found while I was there.
Replying to @alexstamos @sarahjeong
Like I said elsewhere, this is an example of Facebook's great engineering advantage (empowering individuals and small groups to work quickly and independently) turning into a liability under a weak privacy governance structure.
Replying to @alexstamos @sarahjeong
There are several levels of automation that should catch a mistake like this (logging POST parameters) and they didn't. FB has traditionally allowed engineers a lot of freedom within those software-enforced safety boundaries and this demonstrates the limits of that approach.
Making this public during the busy mueller-report-is-released period isn't an engineer-level decision though.
Replying to @AndresFreundPol @sarahjeong
I disagree with that strategy and I wish they would release the full technical post-mortem. This is actually a pretty common mistake (Twitter and GitHub had the same) and it would be better for FB to try to drive industry-wide improvement than just focus on short-term PR.