Facebook Stored Hundreds of Millions of Passwords Unencrypted
Facebook stored “hundreds of millions” of account passwords unencrypted and viewable as plain text to tens of thousands of company employees, KrebsonSecurity reported Thursday.
- By Jessica Davis
- Mar 22, 2019
Facebook stored “hundreds of millions” of account passwords unencrypted and viewable as plain text to tens of thousands of company employees, according to a report by cybersecurity journalist Brian Krebs.
The incident, which Facebook confirmed in a blog post, could have affected as many as 600 million of Facebook’s 2.7 billion users.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” VP of Engineering, Security and Privacy Pedro Canahuati said in the post.
According to Krebs’ report, the incident dates back to as early as 2012. Scott Renfo, a Facebook software engineer, said the company hasn’t found any misuse of the data and that “there was no actual risk that’s come from this.”
Facebook said Thursday it planned to start alerting affected users.
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Canahuati wrote. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
Jessica Davis is the Associate Content Editor for 1105 Media.