Facebook stored hundreds of millions of passwords in plain text
- Facebook stored the passwords of hundreds of millions of users in plain text
- Series of errors left the passwords accessible to a maximum of 20,000 employees of the firm
- Facebook confirmed the problem in a blog post titled "Keeping passwords safe"
According to Krebs in Security, Facebook stored the passwords of hundreds of millions of users in plain text, exposing them for years to anyone who had internal access to the files. Users' passwords are generally protected with encryption (a process known as hashing), but a series of errors led to certain Facebook brand applications leaving the passwords accessible to a maximum of 20,000 employees of the company.
It is believed that between 200 million and 600 million Facebook users were affected, as per Krebs, who first reported the security flaw. Facebook confirmed the problem in a blog post titled "Keeping passwords safe," and said the social platform identified the problem in January as part of a security review. Facebook says that it has solved the problem and will notify all those affected.
THE PLAIN TEXT LOGGING GOES BACK TO AROUND 2012
Facebook claims there is no evidence that plain text passwords were exposed outside the company or that they were subject to internal abuse. As a result, users will not have to reset their passwords. The problem affected "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users," says the company.
Although there is no evidence of abuse, at least 2,000 Facebook employees searched the archives containing passwords, although it is unclear why. The password registry supposedly started as early as 2012.
This is the latest in a series of security problems for Facebook. In October, a hacker was able to access the personal information of 29 million accounts after stealing login tokens. Prior to that, it was found that pirated private messages of 81,000 users had been released. And none of that includes the problems of improper large-scale data exchange that began with Cambridge Analytica and began to pressure the company to change its practices.