
Facebook Admits it Stored ‘Hundreds of Millions’ Account Passwords in Plain Text

  • There is no reason to believe or trust these tech giants anymore.
  • From 2015 until now, these incidents have shown that nothing is really secure at all.
  • If you think nobody will know what you do online, you are damn wrong.

Facebook confirmed on Thursday in a blog post, prompted by a report by the cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years.

This was discovered in January as part of a daily security review, said Facebook’s Pedro Canahuati.

None of these passwords were visible to anyone outside Facebook, he said. Facebook admitted the security lapse months later, after Krebs said logs were accessible to some 2,000 engineers and developers.

Krebs pointed out that the bug dated back to 2012.

“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” said Canahuati. “We have found no evidence to date that anyone internally abused or improperly accessed them,” he said, but he did not say how the company reached that conclusion.

Facebook officials have not yet explained how the bug came to be. Storing passwords in a readable format is insecure.

Companies like Facebook hash and salt passwords to store them securely.

That allows the companies to verify a user’s password without knowing what it is.
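How salting and hashing lets a service check a password without keeping it, and how the raw value can be kept out of logs, as an added example (not Facebook's code). The iteration count, record format and field names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex'; the password itself is never stored."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        iters, salt_hex, hash_hex = stored.split("$")
        rounds = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: reject rather than crash
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)


# Hypothetical request field names that must never reach a log line.
SENSITIVE_KEYS = {"password", "passwd", "new_password"}


def redact_for_log(fields: dict) -> dict:
    """Return a copy of the request fields that is safe to write to a log."""
    return {
        key: "[REDACTED]" if key.lower() in SENSITIVE_KEYS else value
        for key, value in fields.items()
    }


if __name__ == "__main__":
    record = hash_password("correct horse")      # constructed sample password
    print(record)                                 # salt and hash only
    print(verify_password("correct horse", record))
    print(redact_for_log({"user": "alice", "password": "correct horse"}))
```
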

Twitter and GitHub were also hit by the same type of bug last year; both companies said that the passwords were stored in plaintext and not scrambled.

Facebook’s chief executive, Mark Zuckerberg, testifying before Congress in April. Credit Tom Brenner/The New York Times

It was reported last week that Facebook’s deals that allowed other tech giants to access account data without consent were under criminal investigation.

The Irish data protection office, which covers Facebook’s European operations, said the company “informed us of this issue” and the regulator is “currently seeking further information.”
