21 March 19, 17:20
(This post was last modified: 21 March 19, 17:20 by silversurfer.)
Quote: Hundreds of millions of Facebook user passwords have been stored in plain text for years, the social media giant acknowledged on Thursday.
KrebsOnSecurity, which first reported the news, said that specifically between 200 and 600 million passwords were stored in plain text as early as 2012, and were searchable by thousands of Facebook employees. Plain text means that the stored passwords are unencrypted, meaning they can be easily accessed and read by people who had access to Facebook’s internal data storage systems.
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” said Pedro Canahuati, vice president of engineering, security and privacy at Facebook in a Thursday post. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
Facebook said it will notify hundreds of millions of Facebook Lite users (Facebook Lite is a version of Facebook predominantly used by people in regions with limited connectivity), as well as tens of millions of other Facebook users, and tens of thousands of Instagram users.
SOURCE: https://threatpost.com/facebook-stored-p...rs/143032/