Facebook stored 'hundreds of millions' of passwords in plain text for years

Share

The partnership may have enabled the companies to access troves of user data without consent, at times without consent.

Facebook has said that it stored millions of its users' passwords in plain text for years.

Users' passwords are typically stored in a way that masks the text and makes them unreadable even to employees.

"There is nothing more important to us than protecting people's information", said Pedro Canahuati, vice president of engineering, security and privacy for Facebook - while presumably hiding a smirk.

The scandal-plagued social media giant hastened to assure users that "no passwords were exposed externally and we didn't find any evidence of abuse to date", but their post was cold comfort from the company whose CEO has explicitly called the users who trust him "dumb f***s". Facebook Lite - a simplified version of Facebook created to work on slower internet connections - is popular among people in parts of the world with less connectivity. The Android app is most popular in Brazil, Mexico, India, Indonesia, and the Philippines, as well as other countries in South Asia with older 2G and 3G GSM networks-markets where Facebook has experienced much of its recent growth.

A well-known symbol used by social network Facebook appears on the broken screen of a mobile phone.

The insider also said that about 2,000 engineers, developers, and other employees queried these servers and pulled data containing plain text passwords about 9 million times over the past 7 years.

ACC Basketball Tournament: Semifinal preview for Virginia vs. Florida State
But Virginia shot 63 percent after the break and scored 49 points with long runs of efficient offense to go with tough defense. Florida State was on the board first with a three and built a 20-10 lead at the 10:19 mark in the first half.

Scott Renfro, a software engineer at Facebook, told Krebs on Security that the company would not be pushing password resets to mitigate its security problems.

Facebook Lite launched in 2015 and Facebook bought Instagram in 2012. These passwords were stored by the company in plain text dating back as far as 2012.

Facebook offered information instructing users how to change passwords for Instagram and Facebook and recommended setting up two-factor authentication.

We've not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.

While an investigation has been started, it is not yet clear precisely how many account passwords are involved or exactly how long they were stored in this way.

According to Patrick Jackson, chief technology officer of the data security firm Disconnect, the problem was likely the result of a poorly designed internal logging system. Or, conversely, you could click below to delete your Facebook profile.

Share