CATEGORIES
home News

Facebook Facepalm: Up To 600 Million User Passwords Were Stored In Plain Text

by Brandon HillThursday, March 21, 2019, 01:26 PM EDT
facebook
Facebook just can’t seem to keep its nose clean with respect to security and user privacy. The latest blunder was first reported on by KrebsonSecurity, which discovered that the social networking giant was storing user account passwords in plain text instead of hashing them.

What’s more troubling about this discovery is that the passwords were readably accessible by Facebook employees, affecting accounts dating back to 2012. In total, over 20,000 Facebook employees had searchable access to the passwords, and the plain text folly affected between 200 million to 600 million users in total.

Brian Krebs also dropped this interesting nugget in his blog post on the latest security flub at Facebook. “My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.”

For its part, Facebook has penned a new blog post, entitled “Keeping Passwords Secure,” that addresses the matter directly. The first thing that caught our attention is found right in the first sentence of the blog post. While KrebsonSecurity only caught wind of the plain text “fail” recently, Facebook actually learned about it in January “as part of a routine security review.”

facebook twitter icon

The company goes on to state that it has “fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.” The company adds, “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”

It’d be interesting to know whether or not we would have even heard about this incident had it not been brought to the public’s attention. It doesn’t seem likely that it would have taken Facebook two months to come up with a mechanism for alerting is users to the potential security/privacy violations. It’s especially troubling that it took Facebook this long to publicly react given the amount of scrutiny it is currently under by U.S. regulators.

According to Facebook, there is no evidence that passwords were made accessible to anyone outside of the company. Facebook also contends that access to the passwords stored in plain text was not abused internally.

“There is nothing more important to us than protecting people’s information,” Facebook writes. “We will continue making improvements as part of our ongoing security efforts at Facebook.”

Tags:  Facebook, security, Privacy, (NASDAQ:FB), Mark-Zuckerberg, security-breach
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment