Facebook says it left 'hundreds of millions' of user passwords unencrypted


vatsayana

https://www.nbcnews.com/tech/tech-news/facebook-left-hundreds-millions-user-passwords-unencrypted-n985876

Facebook CEO Mark Zuckerberg speaks during a press conference in Paris on May 23, 2018. Bertrand Guay / AFP - Getty Images file

 
 
March 21, 2019, 10:55 AM CDT
By Jason Abbruzzese

Facebook said Thursday that an internal security review found the passwords of hundreds of millions of users had been stored on company servers without encryption, but that no passwords were leaked and the company has found no indication the sensitive data was improperly accessed.

The issue was first reported by security researcher Brian Krebs, who published a blog post Thursday detailing that Facebook employees built applications that captured the passwords of users and stored them as plain text, meaning a password would be readable just the same as it is entered to log in.

 

Shortly after Krebs published his post, Facebook issued its own post on the security issue.

"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," Pedro Canahuati, vice president of engineering for security and privacy at Facebook, wrote in a blog post. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."

The company said it will be notifying all affected users as a precaution.

Most companies encrypt passwords to prevent them from being stolen in the event of a data breach or used for nefarious purposes by company employees. Facebook said it is standard procedure for the company to encrypt passwords.

Krebs reported that the passwords were accessible by "some 2,000 engineers and developers."

While it appears no user passwords were leaked, the security issue adds to Facebook's lengthy list of missteps that have brought significant public and political pressure on the company in the past year.

 

Facebook did not immediately respond to a request for comment.

It was not immediately clear exactly how many Facebook users were affected by the security issue, but Canahuati wrote that the company estimates it will notify "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users." Facebook Lite is a stripped-down version of the company's app offered in parts of the world that have poor wireless connectivity.

Facebook added that it employs a variety of security procedures around user accounts and passwords, including tracking logins from new locations and devices, as well as monitoring data breaches at other companies in case people reuse passwords.

Information technology professionals on social media noted that encrypting passwords is among the most basic steps to ensure user safety.
