General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsFacebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. Thats according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.
The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords dating back to 2012.
My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.
https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
I used to work for one of the local telephone companies. As part of normal maintenance we'd have to monitor some circuits. Anything we may have overheard from a conversation was not to be disclosed. To do so could risk termination of employment.
If any Facebook employee used a password to log on to another person's account they should likewise be terminated.
Power 2 the People
(2,437 posts)htuttle
(23,738 posts)Every single one of them has been insecure this whole time!
MineralMan
(146,288 posts)Perhaps we now know how our accounts got hacked at one time or another.
FakeNoose
(32,634 posts)Don't even tell me the Russians haven't tried to hack Facebook. We all know they have. And the Chinese, the North Koreans, and God knows who else? So glad I quit Facebook years ago, but my account was dormant for a long time.