Tech Brief: Facebook Stored Hundreds of Millions of User Passwords in Plaintext for Years

If the sun rises in the east, it is a sign that Facebook will have a new legal or public relations disaster before sunset. The social networking site confirmed on Thursday that it stored the passwords of hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users in plaintext format as early as 2012, potentially making them searchable by more than 20,000 of its employees. The disclosure, prompted by a report by cybersecurity researcher Brian Krebs, comes close on the heels of a string of privacy blunders and security missteps (including abusing phone numbers provided for purposes of two-factor authentication to target ads) that have plagued the company since the Cambridge Analytica data scandal came to light exactly a year ago. Facebook, which says it discovered the problem during a routine security review in January - not sure why it didn't reveal it back then, but expecting transparency from Facebook is like waiting for a ship at the airport - also used the blog post to add that the issue has been fixed and that "these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them." If you say so, Facebook.

Update on Apr. 18: Facebook has quietly revised its March press release to say that millions of Instagram users' passwords were stored in plaintext. "Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed."
