In brief: Facebook stored hundreds of millions of account passwords in plaintext

by Simon Cohen

Facebook confirmed on Thursday in a blog post, prompted by a report by cyber-security reporter Brian Krebs, that it has stored “hundreds of millions” of account passwords in plaintext for years. Account passwords are usually protected by hashing (a one-way transformation, often loosely described as encryption), but a string of errors caused certain Facebook-branded apps to leave passwords accessible to as many as 20,000 company employees.

  • During a routine security review in January, Facebook discovered that the passwords were stored in a readable format, against its security procedures.
  • The company confirmed that the passwords were never accessible to anyone outside of Facebook.
  • Most of the affected accounts were on Facebook Lite, a version of the app designed for emerging markets.
  • The issue impacted “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
  • The visible passwords reportedly belonged to between 200 million and 600 million users.
  • This is the latest in a string of bad security issues for Facebook.
  • In October, a hacker was able to access personal information from 29 million accounts after stealing login tokens.
  • Prior to this, hacked private messages from 81,000 users were found to have been put up for sale.
