Facebook Stored Password Of Million Of Users In Plain Text
March 25th, 2019 / 10:23 AM
Facebook again came under scrutiny and drew plethora of criticism after it was revealed that the company used to store passwords of hundreds of millions of users in plain text, reported The Verge. What was more shocking is the fact that these passwords were easily accessible to as many as 20,000 company employees.
The issue came into light when KerbsonSecurity reported it first on March 21. The report said that some of these account passwords were sitting there since 2012. Generally, user passwords are protected with encryption – a process known as hashing. However, a series of errors by the social media giant resulted in passwords to be accessed by the employees.
On the same reacting to the report, Facebook said that there is no evidence that the passwords were exposed to Facebook employees or were abused by outsiders. Pedrao Canahuati, Facebook’s Vice President for Engineering, Security and Privacy said, “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” The statement further read that the Facebook team found about this in a part of a routine security review in January. It further said that they solved the issue. The company also said that they will notify everyone whose passwords were stored in this way.
According to Krebs, 20 crores to 60 crores Facebook users are believed to be affected. This is not the first time that the company has thrown personal security information in front of a moving bus. Five months back, a hacker found a way to access personal information from 29 million accounts after stealing login tokens. Prior to that, hacked private messages of more than 80,000 users were put on sale. And above all the infamous Cambridge Analytica in which Facebook was badly mired in.
Written by : Debarghya Sil
Edited by : Poorbita Bagchi