Facebook saved tons of of hundreds of thousands of person passwords in plain textual content

A brand new report from Krebs On Security has revealed that Facebook saved the account passwords of tons of...

· 1 min read >
Facebook stored hundreds of millions of user passwords in plain text

A brand new report from Krebs On Security has revealed that Facebook saved the account passwords of tons of of hundreds of thousands of customers in plain textual content and so they have been simply searchable by 1000’s of its personal staff in some instances going again to 2012.

According to a senior worker conversant in the investigation, the social networking large is at present probing a collection of safety failures by which staff wrote purposes that logged unencrypted password knowledge for Facebook customers and saved this info in plain textual content on inside firm servers.

So far, the investigation has found that between 200m and 600m Facebook customers could have had their account passwords saved on its servers and searchable by over 20,000 staff.

The firm remains to be making an attempt to find out precisely what number of passwords have been uncovered and for a way lengthy however archives with plain textual content person passwords have been found that date again to 2012.

Plain textual content passwords

Access logs at Facebook present that round 2,000 engineers or builders made 9 million inside queries for knowledge components that contained plain textual content person passwords.

Software engineer at Facebook, Scott Renfro offered additional perception into the continuing investigation to Krebs On Security in an interview, saying:

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data. In this situation what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

Affected customers is not going to have to vary their passwords as they weren’t leaked exterior of the corporate, although Facebook is getting ready to inform “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users”. 

Via Krebs On Security


Facebook Comments

Leave a Reply