Facebook stored over 600 million passwords as plaintext that 20,000 employees could see

over 2 years ago by IanDorfman

Going back as far as 2012, a total of 20,000 Facebook employees had access to archives of between 200 million and 600 million Facebook users' passwords stored in plaintext.

The news was initially shared by security researcher Brian Krebs and then posted about on the official Facebook Newsroom by Facebook Vice President Engineering, Security, and Privacy Pedro Canahuati. Facebook will be notifying "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users" about their account passwords being a part of this oversight.

Canahuati goes on to state that Facebook takes proper measures to stay "in line with security best practices," such as hashing and salting user passwords, so that the social network's login servers can verify that users are entering the right password without the need to store the password as easily readable plaintext.

Canahuati concludes by recommending users change the password they use for Facebook and Instagram, use different and complex passwords across all online services, and consider utilizing both two-factor authentication and a password manager to further protect their accounts.
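The hashing and salting described above can be sketched as follows. This is an added example, not Facebook's code: the choice of scrypt, its cost parameters, the record format and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (illustrative; tune for real hardware).
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation; the output cannot be reversed to the password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 1024 * 1024, dklen=DKLEN)


def make_record(password: str) -> str:
    """Build the string a server stores in place of the password itself."""
    salt = os.urandom(16)  # fresh random salt for every account
    return f"scrypt${salt.hex()}${_derive(password, salt).hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive from the submitted password and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "scrypt":
        return False
    return hmac.compare_digest(_derive(password, salt), expected)


def demo() -> dict:
    # Constructed sample: two accounts that happen to share one password.
    pw = "correct horse battery staple"
    alice, bob = make_record(pw), make_record(pw)
    return {
        "login_ok": verify(pw, alice),
        "wrong_rejected": not verify("Correct horse battery staple", alice),
        "records_differ": alice != bob,        # the salt hides password reuse
        "no_plaintext_stored": pw not in alice,
    }


if __name__ == "__main__":
    print(demo())
```

Anyone who can read such records sees only the salt and the derived value, which is the property a plaintext archive lacks.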

Further coverage:
Facebook Newsroom
Krebs on Security
Engadget
Motherboard
TechCrunch
The Verge
VentureBeat
