	{"id":5181,"date":"2012-07-23T20:32:43","date_gmt":"2012-07-23T20:32:43","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=5181"},"modified":"2023-08-18T09:18:08","modified_gmt":"2023-08-18T16:18:08","slug":"login-security-fail-three-vendors-store-passwords-in-plain-text","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/","title":{"rendered":"Login security fail: Facebook, LinkedIn, Dropbox apps all store passwords in plaintext"},"content":{"rendered":"<p style=\"text-align: left;\" align=\"center\">LinkedIn and Facebook have previously been hit with password security breaches, and now Dropbox has been having its own week of security woes. This seems to be prompting many of the company&#8217;s users to utter the following:<\/p>\n<p align=\"center\"><a href=\"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/f-in-dropbox\/\" rel=\"attachment wp-att-5195\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-5195\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/f-in-dropbox.jpg\" alt=\"\" width=\"450\" height=\"150\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/f-in-dropbox.jpg 450w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/f-in-dropbox-150x50.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/f-in-dropbox-300x100.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/07\/f-in-dropbox-100x33.jpg 100w\" sizes=\"(max-width: 450px) 100vw, 450px\" \/><\/a><\/p>\n<p>It seems like lately there\u2019s all kinds of reports about apps and websites that are not taking password security seriously. 
There was the <a href=\"https:\/\/www.intego.com\/mac-security-blog\/last-fm-password-hack\/\">Week of Leaks<\/a> not too long ago, where hackers hit several popular websites and posted password dumps for millions of users.<\/p>\n<p>To those of us in the security industry, password security seems like Security 101, but many companies are still not getting this right. It\u2019s so simple: Do not store or transmit passwords in plain text. Ever. Seriously.<\/p>\n<p>The latest apps to be hit with this are <a href=\"https:\/\/blog.scoopz.com\/2012\/04\/07\/linkedin-ios-app-also-vulnerable-to-plist-identity-theft\/\">LinkedIn,<\/a> <a href=\"https:\/\/venturebeat.com\/mobile\/facebook-dropbox-security-hole\/\">Facebook and Dropbox on iOS devices<\/a>. If I were inclined towards betting, I would put my money on these <em>not<\/em> being the only three major vendors to be named. Your password can be copied either if someone gets physical access to your device or if you plug it into a public computer. This works on any iOS device, not just jailbroken ones. To minimize this threat, use the password lock option and do not plug your iDevice into any public computer. Both Facebook and Dropbox will have updates for this shortly, so keep an eye out for that.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To those of us in the security industry, password security seems like Security 101, but many companies are still not getting this right. It\u2019s so simple: Do not store or transmit passwords in plain text. Ever. Seriously. 
The latest companies to be hit with this are LinkedIn, Facebook and Dropbox on iOS devices.<\/p>\n","protected":false},"author":6,"featured_media":53353,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[11],"tags":[45,48,53,164,353],"yoast_head_json":{"description":"To those of us in the security industry, password security seems like Security 101, but many companies are still not getting this right. It\u2019s so simple: Do not store or transmit passwords in plain text. Ever. Seriously. 
The latest companies to be hit with this are LinkedIn, Facebook and Dropbox on iOS devices.","og_url":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/","og_site_name":"The Mac Security Blog","article_published_time":"2012-07-23T20:32:43+00:00","article_modified_time":"2023-08-18T16:18:08+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/05\/email-password-security.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/05\/email-password-security.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/05\/email-password-security.jpg","width":400,"height":260,"caption":"Email Password Security"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/","name":"Login security fail: Facebook, LinkedIn, Dropbox apps all store passwords in plaintext - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#primaryimage"},"datePublished":"2012-07-23T20:32:43+00:00","dateModified":"2023-08-18T16:18:08+00:00","description":"To those of us in the security industry, password security seems like Security 101, but many companies are still not getting this right. It\u2019s so simple: Do not store or transmit passwords in plain text. Ever. Seriously. 
The latest companies to be hit with this are LinkedIn, Facebook and Dropbox on iOS devices.","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Login security fail: Facebook, LinkedIn, Dropbox apps all store passwords in plaintext"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"Login security fail: Facebook, LinkedIn, Dropbox apps all store passwords in plaintext","datePublished":"2012-07-23T20:32:43+00:00","dateModified":"2023-08-18T16:18:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#webpage"},"wordCount":239,"commentCount":4,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/05\/email-password-security.jpg","keywords":["Data 
Security","Dropbox","Facebook","LinkedIn","Password Security"],"articleSection":["Software &amp; Apps"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/login-security-fail-three-vendors-store-passwords-in-plain-text\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","caption":"Lysa Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/05\/email-password-security.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-1lz","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5181"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=5181"}],"version-history":[{"count":18,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5181\/revisions"}],"predecessor-version":[{"id":98665,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5181\/revisions\/98665"}],"wp:featuredmedia":[{"embeddable":true,"href"
:"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/53353"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=5181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=5181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=5181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}