
Facebook stored passwords of millions of users in plain text for years: Report

The company says these passwords were never visible to anyone outside of Facebook.

  • Published: March 22, 2019 9:45 AM IST

Facebook has had a rough last year, and with every week it seems that the company’s problems are not going away anytime soon. First came the big revelation of how Cambridge Analytica used Facebook to harvest user information, which put privacy on the back foot. Then came the departure of Facebook executives at WhatsApp and Instagram, suggesting that the company will soon face a big executive exodus. Early this year, Facebook was hit with a government oversight committee looking into its data privacy practices. Now, Facebook has confirmed that it stored the passwords of hundreds of millions of users in plain text for years.

According to KrebsOnSecurity, the passwords were stored in plain text in some cases going back to 2012. The social media giant, in a blog post, said that an ongoing investigation so far found no indication that employees have abused their access to this data. It also confirmed plans to notify hundreds of millions of Facebook users and thousands of Instagram users to change their password with immediate effect. “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” Pedro Canahuati, VP Engineering, Security and Privacy, wrote in a blog post.

Facebook has not announced how many users could have been affected by passwords being stored unmasked for years. However, KrebsOnSecurity, citing sources, claims that between 200 million and 600 million Facebook users may have had their account passwords stored in plain text. The data was searchable by more than 20,000 Facebook employees, and some 2,000 engineers or developers reportedly made approximately nine million internal queries that contained plain text user passwords.


Both GitHub and Twitter also recently admitted to storing user passwords in plain text, but in both cases the data was available to only a small number of employees. In the case of Facebook, however, the number could be really big and the company is now revealing the number of employees who could have accessed the data. Federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some OEMs, and the company also recently saw the departure of Chief Product Officer Chris Cox and WhatsApp chief Chris Daniels.
