Millions of Facebook passwords exposed internally

Share

In 2018, Facebook also revealed that the Philippines accounted for 1.2 million out of the 87 million people whose data "may have been improperly shared" with Cambridge Analytica.

The passwords of millions of Facebook users were accessible by up to 20,000 employees of the social network, it has been reported. "To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them", wrote Pedro Canahuati, Facebook's VP of Security and Privacy Engineering, in a blog post.

Facebook has discovered and now fixed a glitch that stored as many as 600 million passwords in plaintext within internal systems.

The security flaw is no longer in effect as confirmed by the social media giant.

Report: Facebook Stored ‘Hundreds of Millions’ of Passwords in Plain Text
Millions Of Facebook, Instagram Passwords Found Stored In Plain Text On Company Servers, Time To Change Yours Again

Facebook said that it normally "hashes" and "salts" user passwords as soon as they are created for a new account. However, the company refused to talk as to when exactly the process will start. The company claimed that this shouldn't have happened, as it typically deploys techniques to mask passwords and make them unreadable to employees or malicious hackers. "Passwords that are stored in plain text are more easily and readily stolen by those who intend harm, they may even be compromised by accident", Liboro said.

Usually, passwords stored on the databases will not be stored in plain text and can't be read. According to Facebook, "hundreds of millions of Facebook Lite [its app for low-power-usage devices] users, tens of millions additional Facebook users, and tens of thousands of Instagram users" were affected. In October of previous year, for instance, a hacker was able to obtain the personal information of up to 29 million Facebook users, courtesy of log-in tokens. Further, Facebook's engineer Scott Renfro told KrebsonSecurity that users will not be required to reset their passwords since there was no noted case of misuse of this data by employees.

Therefore, it is recommended that you should immediately change your Facebook and Instagram password, and also the password of other services as well, simply to avoid any attack of cybercriminals. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you.

More news: MDHHS: 4 New Cases Of Measles Confirmed In Oakland County
More news: Levi shares soar as jeans retailer makes stock market return
More news: Albatross lifts Russell Knox within one shot of Valspar lead

Share