OOPS: Facebook admits storing millions of passwords in plain text

Image: Getty

Facebook overnight confessed that it had stored passwords in plain text, and would notify hundreds of millions of affected users.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” said Facebook vice president Pedro Canahuati in a blog post.

The discovery was notable because passwords are normally stored in a scrambled (hashed) form, so that even if a hacker gained access to the database, the stored values would make no sense to them.

Canahuati estimated that “hundreds of millions” of Facebook Lite users would be contacted about the slip-up, as well as “tens of millions” of standard Facebook users, and “tens of thousands” of Instagram accounts.



Facebook Lite is a version of the social media site used by people in countries with low-speed internet connections.

“These passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” said Canahuati.

Facebook has security measures outside of passwords that kick in if it detects suspicious login activity – such as looking out for an unusual device, cross-matching stolen passwords from data breaches on other online services, and even a physical key for certain users.

“We introduced the ability to register a physical security key to your account, so the next time you log in you’ll simply tap a small hardware device that goes in the USB drive of your computer,” wrote Canahuati.

“This measure is particularly critical for high-risk users including journalists, activists, political campaigns and public figures.”

Facebook’s privacy and security practices have come under sharp scrutiny in the past couple of years, with incidents like the leak to third-party firm Cambridge Analytica of data that was allegedly used to pervert election results.
