Facebook stored passwords in plain text for hundreds of millions of users

Facebook has been storing 'hundreds of millions' of user passwords in plaintext

KrebsOnSecurity is a blog that covers computer security and cybercrime. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook stored up to 600 million user passwords in a readable plain text format for years, which meant they could have been easily read by thousands of its employees.

That's according to an unnamed senior source at the social media platform, who told security researcher Brian Krebs that some internal Facebook applications have been logging and storing users' passwords in plain text since at least 2012, albeit for seemingly innocent purposes.

Renfro said the company planned to alert Facebook users starting on Thursday, but that no password resets would be required. The security issue has since been fixed and the company will soon notify everyone whose passwords were exposed. "Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity", Canahuati wrote.

Facebook estimates the total to include "tens of millions of Facebook users" and "tens of thousands of Instagram users".

Unknown to hundreds of millions of Facebook users, their passwords were sitting in plain text inside the company's data storage, leaving them vulnerable to potential employee misuse and cyberattack for years. Should you believe that, coming from an establishment that stored passwords in plain text in the first place?

The news of the internal password exposure follows recent news reports that have shaken public faith in Facebook.

Security experts recommend using a tool like HaveIBeenPwned to check if a password has been compromised.

The incident reveals yet another oversight at a company that insists it is a responsible guardian for the personal data of its 2.2 billion users worldwide.

The passwords were stored on internal Facebook servers that, while secured against outside intrusion, were fully searchable by more than 20,000 Facebook employees, according to a Facebook insider familiar with the matter.

"With this technique, we can validate that a person is logging in with the correct password without actually having to store the password in plain text".
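The quote does not name the technique; assuming it refers to salted password hashing, the following added example (not Facebook's code and not from the original article) shows a server that stores only a salt and a derived key, checks a login against them, and scrubs credential fields before a request is logged. The scrypt cost parameters and the field names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed cost parameters for this example; tune them for your own hardware.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1}
MAXMEM = 64 * 1024 * 1024
# Hypothetical request field names that must never reach a log line.
SENSITIVE_FIELDS = {"password", "pass", "passwd", "new_password"}


def _derive(password: str, salt: bytes, params: dict) -> bytes:
    """Derive a 32-byte key from the password with scrypt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          maxmem=MAXMEM, dklen=32, **params)


def make_record(password: str) -> dict:
    """Build what the server stores: salt, cost parameters, derived key."""
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    return {"salt": salt.hex(),
            "params": dict(SCRYPT_PARAMS),
            "hash": _derive(password, salt, SCRYPT_PARAMS).hex()}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = _derive(password, bytes.fromhex(record["salt"]), record["params"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def needs_rehash(record: dict) -> bool:
    """True when the record was made with older cost parameters."""
    return record["params"] != SCRYPT_PARAMS


def redact_for_log(fields: dict) -> dict:
    """Copy request fields for logging with credential values replaced."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE_FIELDS else v
            for k, v in fields.items()}


if __name__ == "__main__":
    # Constructed sample login request.
    request = {"user": "alice", "password": "correct horse battery staple"}
    record = make_record(request["password"])
    print("log line:", redact_for_log(request))
    print("stored  :", record)
    print("login ok:", verify(request["password"], record))
```

Storing the parameters beside the hash lets a later login transparently re-hash the password once `needs_rehash` reports that the cost settings have been raised.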

Thankfully, Facebook says there is no evidence this security breach was exploited by any nefarious individuals.
