
Facebook admits it stored hundreds of millions of user passwords in plain text

By Shawn Knight · 7 replies
Mar 21, 2019
  1. Facebook on Thursday revealed that during a routine security review in January, it was discovered that some user passwords were being stored internally in plain text format. The social network said the passwords were never visible to anyone outside its walls and that there is no evidence that any Facebook employees improperly accessed them.

    Facebook has since fixed the issue and as a precaution, will be notifying impacted users.

    A senior Facebook employee tells KrebsOnSecurity that the investigation thus far suggests between 200 million and 600 million users may have had their passwords stored in plain text. Worse yet, they were technically accessible by more than 20,000 Facebook employees with some archives dating back to 2012.

    In its official statement, Facebook estimated they would be notifying “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users.” Facebook Lite is a version of the social network optimized for slower Internet connections.

    This isn’t the first time Facebook’s sketchy privacy practices have been called into question this month. A few weeks back, it was revealed that phone numbers submitted for two-factor authentication purposes could be used to look up users on the social network.


    Last edited by a moderator: Mar 21, 2019
  2. Verrm

    Verrm TS Enthusiast Posts: 48   +19

    Unbelievable! Who in their right state of mind would download so many millions of passwords from a database and make them accessible to everyone?! This is worse than ridiculous. Facebook should fire everyone that knew about this.
  3. misor

    misor TS Evangelist Posts: 1,397   +303

    This is really why 2-factor authentication is an advantage.
    Someone may know your login credentials but still cannot log in because of added security.
    ...unless that person also has your smartphone. ;)
  4. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,963   +577

    "Trust us" while they constantly deliberately abuse your trust...
  5. Danster1616

    Danster1616 TS Enthusiast Posts: 40   +11

    Well this sucks
  6. jobeard

    jobeard TS Ambassador Posts: 12,886   +1,530

    The details are important here.

    While it is TRUE that passwords were stored in plain text on the disk, it is NOT TRUE that they were accessible from the internet.
    Only persons with accounts internal to FB could have seen/accessed the data.

    It certainly shows a total disrespect for security by FB and its staff -- after all, the guys/gals that did the work should have known better and said something.
  7. lexster

    lexster TS Maniac Posts: 466   +233

    How is this news or a surprise to anyone? It's Facebook. They can't tell their bum from a hole in the ground most of the time and frequently have their heads in both.
  8. erickmendes

    erickmendes TS Evangelist Posts: 572   +247

    That's why I used two factor auth in Facebook. Then I deleted my account altogether... Too much information on their hands... Google already have enough of it.
