Facebook admits it stored hundreds of millions of user passwords in plain text

Shawn Knight

Shawn Knight

Posts: 15,287   +192
Staff member
Facepalm: Facebook's latest data security scare does little to boost confidence in the social network's ability to safeguard users' personal information. Official numbers are still being tabulated although according to one insider, the lax security measure could have put as many as 600 million passwords at risk.

Facebook on Thursday revealed that during a routine security review in January, it was discovered that some user passwords were being stored internally in plain text format. The social network said the passwords were never visible to anyone outside its walls and that there is no evidence that any Facebook employees improperly accessed them.

Facebook has since fixed the issue and as a precaution, will be notifying impacted users.

A senior Facebook employee tells KrebsOnSecurity that the investigation thus far suggests between 200 million and 600 million users may have had their passwords stored in plain text. Worse yet, they were technically accessible by more than 20,000 Facebook employees with some archives dating back to 2012.

In its official statement, Facebook estimated they would be notifying “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users.” Facebook Lite is a version of the social network optimized for slower Internet connections.

This isn’t the first time Facebook’s sketchy privacy practices have been called into question this month. A few weeks back, it was revealed that phone numbers submitted for two-factor authentication purposes could be used to look up users on the social network.

Permalink to story.

https://www.techspot.com/news/79309-facebook-admits-stored-hundreds-millions-user-passwords-plain.html

 
Unbelievable! Who in their right state of mind would download from database so many millions passwords and make it accessible for everyone?! This is worse then ridiculous. Facebook should fire everyone that knew about this.
 
This is really why 2-factor authentication is an advantage.
someone may know your login credentials but still cannot log because of added security.
...unless that person also has your smartphone. ;)
 
The details are important here.

While it is TRUE that passwords were stored in plain text on the disk,

it is NOT TRUE that they were accessible from the internet.
Only persons with accounts internal to FB could have seen/access the data.

It certainly shows a total disrespect for security by FB and its staff -- after all, the guys/gals that did the work should have known better and said something.
 
  • Like
Reactions: Darth Shiv
That's why I used two factor auth in Facebook. Then I deleted my account altogether... Too much information on their hands... Google already have enough of it.
 
You must log in or register to reply here.

Similar threads

midian182
US prison system proposes total social media ban for inmates, sparking First Amendment concerns
2
Replies
40
Views
682
trparky
T
midian182
Facebook to remove the News tab in US and Australia as company shifts its focus
Replies
6
Views
171
erickmendes
erickmendes
midian182
Massive data dump containing millions of passwords sparks security alert: Is your data...
Replies
8
Views
282
p51d007
p51d007

Latest posts

Back