Facebook stored user passwords in plain text for years
2019-03-21 18:10 by Daniela
Facebook admitted today that for years it had stored millions of user passwords in plain text. The unencrypted passwords were stored on internal servers and were not accessible to outsiders. The company has found no indication the sensitive data was improperly accessed.
Around 600 million Facebook users may be affected by the issue. Facebook said it would likely notify "hundreds of millions" of Facebook Lite users, millions of Facebook users and tens of thousands of Instagram users of the issue.
"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," Pedro Canahuati, vice president of engineering for security and privacy at Facebook, wrote in a blog post. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."
"Encrypting passwords is Security 101," said Marcus Carey, the CEO of Threatcare, an Austin cybersecurity company. "If they can't get the basic principles of cybersecurity right, they are surely failing on the tougher challenges."
The news comes days after the one-year anniversary of the Cambridge Analytica scandal, in which it was revealed that Facebook shared the personal data of as many as 87 million users with a political data firm. It's since been a year of near-constant issues for Facebook, including reported criminal investigations, a possible record fine from the FTC, the departure of numerous high-ranking executives, regulatory scrutiny in the US and Europe, and a lengthy outage just last week.