Facebook Stored Hundreds of Millions of Passwords Unencrypted

Facebook Stored Hundreds of Millions of Passwords Unencrypted

Facebook stored “hundreds of millions” of account passwords unencrypted and viewable as plain text to tens of thousands of company employees, KrebsonSecurity reported Thursday.

  • By Jessica Davis
  • Mar 22, 2019

Facebook stored “hundreds of millions” of account passwords unencrypted and viewable as plain text to tens of thousands of company employees, according to a report by cybersecurity journalist Brian Krebs.

The incident, which Facebook confirmed in a blog post, could have affected as many as 600 million of Facebook’s 2.7 billion users.

“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” VP of Engineering, Security and Privacy Pedro Canahuati said in the post.

According to Krebs’ report, the incident dates back to as early as 2012. Scott Renfo, a Facebook software engineer, said the company hasn’t found any misuse of the data and that “there was no actual risk that’s come from this.”

Facebook said Thursday it planned to start alerting affected users.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Canahuati wrote. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.