Facebook stored passwords in plain text for hundreds of millions of users
Hundreds of millions of Facebook users’ passwords were stored in plain text, completely searchable by Facebook employees for years.
Some users had their passwords stored in plain text as early as 2012, according to a senior Facebook source who spoke to KrebsOnSecurity. The source, speaking on condition of anonymity, says that somewhere between 200 million and 600 million Facebook users were affected. More than 20,000 Facebook employees would have had access to these plain text passwords.
SEE ALSO:Facebook's News Feed changes were supposed to make us feel good. It's not working.Shortly after KrebsOnSecurity published its story, Facebook posted its own statement by its vice president of engineering, security and privacy, Pedro Canahuati. He states that the company first discovered the issue during “a routine security review in January.”
The users most affected by the security lapse are those who use the social network’s “lower connectivity” client, Facebook Lite. The company estimates that hundreds of millions of Facebook Lite users and tens of millions of “other” Facebook users had their passwords stored in plain text. Tens of thousands of Instagram users also were also affected.
Tens of thousands of Instagram users also were also affected
Facebook claims that no one outside of the company was able to view the passwords and that it has found no evidence that anyone working at the social network “abused or improperly accessed them.” According to KrebsOnSecurity’s source, around 2,000 engineers or developers queried data that contained plain text passwords approximately 9 million times.
“We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way,” stated Canahuati.
At this point, Facebook is no stranger to security failures. In one recent breach reported in October 2018, personal information of tens of millions of Facebook users were accessedby hackers. Just two months later, the company shared that millions of its users’ photos leakedto third-party developers who never had permission to view them in a completely separate breach.
Facebook is not forcing affected users to change their passwords at this time.
Featured Video For You
Facebook lost 15 million users in the U.S. since 2017
-
Gastro Obscura's Guide to Where to Eat in NashvilleHamilton looks quickest: HornerApple internal presentation about fighting leaks was leakedPutin to visit North Korea starting Tuesday: KCNA雨城区疾控中心提示:科学补碘 防治碘缺乏病Bottas wins in Turkey as Verstappen reclaims title leadRival parties hail deal to ease military tensionAll S. Korean pilots, crewmembers pass surprise sobriety testFlying spaghetti monster and unworldly life filmed in deep sea footageTalking to your car is better than ever, thanks to Nuance's voice assistant
- ·A Barbie flip phone is here from HMD
- ·'Hearthstone's most frustrating cards are getting nerfed in coming updates
- ·'Hearthstone's most frustrating cards are getting nerfed in coming updates
- ·鱼出三水!这里河鲜连续4年“出圈”,品牌渔业描绘“百千万”新蓝图
- ·[Exclusive] Samsung unsure of Suga's future as brand ambassador: source
- ·North Korea missile bases: enhancing strategic force status and readiness, says US monitor
- ·Putin arrives in North Korea for summit with Kim Jong
- ·Zverev sees off Murray at Indian Wells
- ·一针一线串起两代人的传承故事
- ·N. Korea could stage large
- ·FIFA chief raises prospect of Israeli World Cup bid
- ·Here's Tiger Woods being told he can't be in a group photo
- ·Google Gemini now allows AI
- ·首批300吨伽师瓜启程!佛山援疆积极推动产销对接助农增收
- ·'Hearthstone's most frustrating cards are getting nerfed in coming updates
- ·以“归零”心态 持续抓好安全生产工作
- ·13 Astronomical Clocks Connecting Time And Space
- ·N.K. attitude change bodes well
- ·NWSL play halted in 'solidarity'
- ·'Hearthstone's most frustrating cards are getting nerfed in coming updates
- ·NASA rover snaps photo of its most daunting challenge yet
- ·Top women's seeds fall at Indian Wells
- ·Girl Scouts add new cybersecurity badges to promote girls in STEM
- ·Childhood continues to die: The 'Mrs. Doubtfire' house is now on sale
- ·Trump trials: Jack Smith is reportedly reconsidering his strategy.
- ·Spotify finally launches in Japan — and with song lyrics
- ·N. Korea test
- ·Cartoon Network announces end of 'Adventure Time' two years ahead
- ·S. Korea warns citizens to avoid travel to N. Korean borders in China
- ·荥经县组织开展高考身份验证演练
- ·What Ever Happened to Winamp?
- ·US urges North Korea to cease provocative actions, reaffirms security support for South Korea
- ·‘Afghan women’s football team unsure about future’
- ·荥经县组织开展高考身份验证演练
- ·Echo Dot (5th gen) deal — get it for $29.99 at Amazon
- ·Angry dad writes hilarious note on his son's mail