Facebook says it left ‘hundreds of millions’ of users’ passwords stored in plain text

Facebook on Thursday said that it had left “hundreds of millions” of users’ passwords exposed in plain text, potentially visible to the company’s employees, marking another major privacy and security headache for a tech giant already under fire for mishandling people’s personal information.

Facebook on Thursday said that it had left “hundreds of millions” of users’ passwords exposed in plain text, potentially visible to the company’s employees, marking another major privacy and security headache for a tech giant already under fire for mishandling people’s personal information.

Facebook said it believed the passwords were not visible to anyone outside the company and had no evidence that its employees “internally abused or improperly accessed them.” But it said it would notify users of Facebook as well as its photo-sharing site, Instagram, that they had been affected.
https://www.washingtonpost.com/technology/2019/03/21/facebook-says-it-left-hundreds-millions-users-passwords-stored-plain-text/

Also see:

Facebook Did Not Securely Store Passwords. Here’s What You Need to Know.
Facebook said on Thursday that millions of user account passwords had been stored insecurely, potentially allowing employees to gain access to people’s accounts without their knowledge.

The Silicon Valley company publicized the security failure around the same time that Brian Krebs, a cybersecurity writer, reported the password vulnerability. Mr. Krebs said an audit by Facebook had found that hundreds of millions of user passwords dating to 2012 were stored in a format known as plain text, which makes the passwords readable to more than 20,000 of the company’s employees.
https://www.nytimes.com/2019/03/21/technology/personaltech/facebook-passwords.html

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.
https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.