Email
Password
Remember meForgot password?
    Log in with Twitter

article imageFacebook internally exposed millions of passwords

By Tim Sandle     Mar 21, 2019 in Technology
A security researcher has discovered that the passwords of millions of Facebook users have been accessible by up to 20,000 employees of the social network, resulting in a major internal security lapse.
Security researcher Brian Krebs has discovered a significant data protection failure at Facebook. This resulted in some 600 million passwords being stored in plain text. This is not a recent issue, for the passwords exposed could date back to 2012. These passwords have potentially been searchable by more than 20,000 Facebook employees.
On his website, Krebs writes: "My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords."
It had been thought it was Facebook's practice to mask people's passwords by replacing them with random characters, and then tucking away software keys that are needed to make sense of the jumble.
READ MORE: Massive email data breach at Verification.io
According to the BBC, Facebook has responded to state that it has resolved what it is terming, euphemistically, as a "glitch". Facebook infers that it has corrected the way that passwords should be stored on its internal network. The company also said it will be notifying affected users.
A Facebook spokesperson has said: "These passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them."
This reassurance aside, Facebook is also also investigating the causes of a series of security failures whereby its employees built applications that logged unencrypted password data for Facebook users.
Motherboard reports that Facebook is not the only social media company to have made such such a mistake. Recently, both GitHub and Twitter admitted having exposed passwords in plaintext within their systems.
More about Facebook, Passwords, Cybersecurity, Data breach
 
Latest News
Top News