Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext (3)
03-21-2019 08:53 PM
#1
shishev (Moderator)
Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext
Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext
Whoopsie!
https://techcrunch.com/2019/03/21/fa...vwN3hwPp4Ty4bQ
https://thehackernews.com/2019/03/fa...passwords.html
https://newsroom.fb.com/news/2019/03...swords-secure/
From TechCrunch:
Flip the “days since last Facebook security incident” back to zero.
Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years.
The discovery was made in January, said Facebook’s Pedro Canahuati, as part of a routine security review. None of the passwords were visible to anyone outside Facebook, he said. Facebook admitted the security lapse months later, after Krebs said logs were accessible to some 2,000 engineers and developers.
Krebs said the bug dated back to 2012.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” said Canahuati. “We have found no evidence to date that anyone internally abused or improperly accessed them,” but did not say how the company made that conclusion.
Facebook said it will notify “hundreds of millions of Facebook Lite users,” a lighter version of Facebook for users where internet speeds are slow and bandwidth is expensive, and “tens of millions of other Facebook users.” The company also said “tens of thousands of Instagram users” will be notified of the exposure.
Krebs said as many as 600 million users could be affected — about one-fifth of the company’s 2.7 billion users, but Facebook has yet to confirm the figure.
Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years.
The discovery was made in January, said Facebook’s Pedro Canahuati, as part of a routine security review. None of the passwords were visible to anyone outside Facebook, he said. Facebook admitted the security lapse months later, after Krebs said logs were accessible to some 2,000 engineers and developers.
Krebs said the bug dated back to 2012.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” said Canahuati. “We have found no evidence to date that anyone internally abused or improperly accessed them,” but did not say how the company made that conclusion.
Facebook said it will notify “hundreds of millions of Facebook Lite users,” a lighter version of Facebook for users where internet speeds are slow and bandwidth is expensive, and “tens of millions of other Facebook users.” The company also said “tens of thousands of Instagram users” will be notified of the exposure.
Krebs said as many as 600 million users could be affected — about one-fifth of the company’s 2.7 billion users, but Facebook has yet to confirm the figure.
Ouch!
Sent from my iPhone using STM Forums mobile app
Yikes!
Amy
Home > Paid Traffic Sources > Facebook & Instagram