Facebook Admits Storing User Passwords in Plain Text

2018 wasn’t good for Facebook when it came to data security and privacy. But recent history appears to be repeating itself as the social network was found to have stored passwords belonging to hundreds of millions of users in plain text.

Security expert Brian Krebs was tipped off by an anonymous senior Facebook worker, who revealed that, through an internal investigation, the company had discovered that its staffers had been creating apps that harvested data meant to be encrypted and stored it as plain text on internal servers.

As a result, more than 20,000 Facebook employees could have searched and gained access to the passwords of between 200 and 600 million account holders. Facebook has more than two billion users.

Krebs’ inside source noted that access logs showed some 2,000 Facebook engineers or developers made around nine million internal queries for data elements that contained plain-text user passwords.

This plain-text archiving has apparently been happening since 2012, although Krebs’ source didn’t confirm how many passwords in total were exposed by being stored in plain-text form, nor for how long they were kept that way.

At the time of writing, Facebook is investigating the issue and noted that there have been no signs of its employees abusing the data to which they have access.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Facebook said.

“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution, we will be notifying everyone whose passwords we have found were stored in this way. To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”

The social network said that no password resets are necessary. Although it alerted users to the issue, Facebook insisted there was no risk from the inadvertent password logging. However, that’s still a vast swathe of people who could have had their privacy breached by Facebook and its failure to approach data protection with rigorous oversight.

Facebook’s public statement waxed lyrical about practicing good password protection, such as enabling two-factor authentication, which gave the impression the social network was trying to gloss over the whole issue of its rather questionable password storage.

