Facebook found millions of passwords stored in plain-text in internal investigation


Hundreds of millions of Facebook users may have had their passwords exposed as the result of an alarming oversight by the social media company.

Facebook estimates the total to include "tens of millions of Facebook users" and "tens of thousands of Instagram users".

While the information could have proven disastrous if it had fallen into the wrong hands, Facebook says the login credentials were "never visible to anyone outside of Facebook".

Facebook claims that no one outside of the company was able to view the passwords and that it has found no evidence that anyone working at the social network "abused or improperly accessed them".

The company is held to a high standard by regulators worldwide and is expected to maintain adequate privacy protections and to not abuse the power it holds.

In January, Facebook staffers reviewing code noticed that some Facebook web applications were logging plaintext passwords and storing them on Facebook's internal servers, Krebs said.

Facebook Lite is designed for users with older phones or low-speed internet connections and is used primarily in developing countries. The number of users potentially affected by this is in the hundreds of millions, going back as far as 2012.

"There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users' passwords in plain text", said cybersecurity expert Andrei Barysevich of Recorded Future.

A source at Facebook who alerted Krebs of the issue says the firm is still working to determine exactly how many passwords were exposed and for how long.

Still, the revelation adds to a litany of recent privacy and security mishaps at Facebook, some of which have triggered investigations in the United States and European Union and could carry the risk of steep fines and other punishments.

Hashes are meant to be easy to generate but hard to reverse, which makes storing a password hash more secure than storing the password itself in plain text.

This includes Facebook, Facebook Lite, and Instagram users. But security researcher Brian Krebs wrote that in some cases the passwords had been stored in plain text since 2012.

A commission spokesperson told CNN Business that Facebook had informed it of the issue and that it was awaiting further information.
