An anonymous source claiming to be a Facebook employee has revealed that the passwords of nearly half a billion Facebook and Instagram users were exposed. The employee says hundreds of millions of passwords have been stored in a searchable, unencrypted plain-text format on Facebook’s servers, readable by Facebook employees, possibly for years.
Because the data has been available to Facebook employees, they had plenty of opportunities to abuse it.
“The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords dating back to 2012.” (KrebsOnSecurity)
Once the employee came forward, Facebook acknowledged that the glitch was real. It is important to note that the glitch was not public-facing. Only Facebook employees could see the data, but there were plenty of chances for someone to leak it to bad actors.
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution, we will be notifying everyone whose passwords we have found were stored in this way.” (Facebook)
Facebook plans on notifying all Facebook and Instagram users who were affected by the glitch. Because so many accounts are involved, it may take some time before you are notified. In the meantime, it may be a good idea to go ahead and change your password anyway. It’s also a good idea to turn on two-factor authentication. That way, if someone did use your password, they would not be able to log in without your second authentication layer.
Privacy and data security are a growing concern for users as hackers, bad actors, and malicious users find ways to exploit and abuse technology across the board.
What do you think about this glitch that allowed Facebook employees to access user passwords? Let us know in the comments below or on Twitter or Facebook. You can also comment on our MeWe page by joining the MeWe social network.
Source: KrebsOnSecurity (https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/)
Source: Facebook (https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/)
Last Updated on February 3, 2021.