Facebook stored passwords in plain text for hundreds of millions of users
Technology
Hundreds of millions of Facebook users’ passwords were stored in plain text, completely searchable by Facebook employees for years.
Some users had their passwords stored in plain text as early as 2012, according to a senior Facebook source who spoke to KrebsOnSecurity. The source, speaking on condition of anonymity, says that somewhere between 200 million and 600 million Facebook users were affected. More than 20,000 Facebook employees would have had access to these plain text passwords.
Shortly after KrebsOnSecurity published its story, Facebook posted its own statement by its vice president of engineering, security and privacy, Pedro Canahuati. He states that the company first discovered the issue during “a routine security review in January.”
The users most affected by the security lapse are those who use the social network’s “lower connectivity” client, Facebook Lite. The company estimates that hundreds of millions of Facebook Lite users and tens of millions of “other” Facebook users had their passwords stored in plain text. Tens of thousands of Instagram users also were also affected.
Facebook claims that no one outside of the company was able to view the passwords and that it has found no evidence that anyone working at the social network “abused or improperly accessed them.” According to KrebsOnSecurity’s source, around 2,000 engineers or developers queried data that contained plain text passwords approximately 9 million times.
“We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way,” stated Canahuati.
At this point, Facebook is no stranger to security failures. In one recent breach reported in October 2018, personal information of tens of millions of Facebook users were accessed by hackers. Just two months later, the company shared that millions of its users’ photos leaked to third-party developers who never had permission to view them in a completely separate breach.
Facebook is not forcing affected users to change their passwords at this time.
Source: Mashable
Some users had their passwords stored in plain text as early as 2012, according to a senior Facebook source who spoke to KrebsOnSecurity. The source, speaking on condition of anonymity, says that somewhere between 200 million and 600 million Facebook users were affected. More than 20,000 Facebook employees would have had access to these plain text passwords.
Shortly after KrebsOnSecurity published its story, Facebook posted its own statement by its vice president of engineering, security and privacy, Pedro Canahuati. He states that the company first discovered the issue during “a routine security review in January.”
The users most affected by the security lapse are those who use the social network’s “lower connectivity” client, Facebook Lite. The company estimates that hundreds of millions of Facebook Lite users and tens of millions of “other” Facebook users had their passwords stored in plain text. Tens of thousands of Instagram users also were also affected.
Facebook claims that no one outside of the company was able to view the passwords and that it has found no evidence that anyone working at the social network “abused or improperly accessed them.” According to KrebsOnSecurity’s source, around 2,000 engineers or developers queried data that contained plain text passwords approximately 9 million times.
“We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way,” stated Canahuati.
At this point, Facebook is no stranger to security failures. In one recent breach reported in October 2018, personal information of tens of millions of Facebook users were accessed by hackers. Just two months later, the company shared that millions of its users’ photos leaked to third-party developers who never had permission to view them in a completely separate breach.
Facebook is not forcing affected users to change their passwords at this time.
Source: Mashable
Source: David Apinga
Trending News
Weija Water Treatment Plant to shut down for scheduled maintenance today Dec. 19
07:07
60 lives lost at Madina Zongo junction as pedestrians ignore footbridge-MCE
07:10
Bawku report submitted; Mahama to respond within 24 hours
20:25
NDC confident ahead of December 30 Kpandai rerun
07:27
Part (3) of many: Why US not likely to extradite Ken Ofori-Atta despite A-G's request
07:56
Accra–Kumasi Expressway to offer alternative route, not replace existing highway – Roads Minister
06:55
Mind your words on Bawku — Otumfuo advises Cletus Avoka
19:11
Ghana launches blue economy strategy to boost national development
07:25
Kennedy Agyapong vs Atta Akyea: Alex Tetteh invoke curses on former MP over alleged meeting with Ken
04:07
Trade Minister engages tomato growers and traders to resolve value chain challenges
01:51
