Facebook admits storing millions of passwords in plain text on internal servers

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them", he said. But in Facebook's case, they were stored in plain text, meaning that anyone with access to the file could read users' passwords with no additional steps required.

The company is held to a high standard by regulators worldwide and is expected to maintain adequate privacy protections and to not abuse the power it holds.

"One Hacker Way" is the main address of Facebook's vast campus in the California city of Menlo Park.

Facebook on Thursday said it had for years stored millions of user passwords in plain text, a significant oversight for a company that remains in the spotlight for failing to protect users' privacy.

According to the report, an internal review turned up archives containing plain text passwords from as far back as 2012.

In a blog post ironically titled, "Keeping Passwords Secure", Facebook said it had caught the issue affecting "some user passwords" in January and it was now fixed.

This story has been published from a wire agency feed without modifications to the text.

"The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds" of affected users, the source said.

Since then, an unnamed source within Facebook told Krebs, some 2,000 Facebook staffers made "approximately nine million internal queries" for data that would have contained the user passwords.

This includes Facebook, Facebook Lite, and Instagram users.

"We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users", a Facebook official said.

Facebook software engineer Scott Renfro went on record with Krebs, saying that the firm doesn't have the exact numbers, including the number of employees who could have accessed the passwords.

Last week, The New York Times reported that federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world's largest tech companies.

And earlier in 2018 it revealed that data on millions of users had been harvested by data science company Cambridge Analytica.

Update, 11:43 a.m.: Facebook has posted a statement about this incident here.
