Highlights

Smartphone Price List Philippines 2024

Facebook admits storing millions of passwords in plaintext

Written by Avatar for Diangson Louie Published • March 22, 2019

Facebook has admitted that they have discovered that hundreds of millions of user passwords were stored in a readable format or in plaintext within their internal data storage systems.

In a statement, Pedro Canahuati, Facebook VP Engineering, Security and Privacy, said that their login systems should have masked the passwords, and have discovered the issue during their routine security review in January. He said that the passwords were never visible to anyone outside of Facebook and have found no evidence to date that anyone internally abused or improperly accessed those passwords. He also said that they have fixed the issues and will notify affected users as a precaution.

GCash partners with PayPal to streamline freelancer payments
Trending
GCash partners with PayPal to streamline freelancer payments

The social media giant estimates that it has affected hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.

A senior Facebook employee who spoke on condition of anonymity told KrebsOnSecurity that initial investigation estimates that between 200 million and 600 million Facebook users might have had their passwords stored in plaintext and was searchable by more than 20,000 Facebook employees. Some of the discovered archives of plaintext passwords even date back to 2012.

Although Facebook says that no passwords were exposed externally and that they didn’t find any evidence of abuse to date, the company still recommends changing your passwords on Facebook and Instagram as well as enabling a security key or two-factor authentication (2FA) to keep it secure.

Paul Ducklin, a senior technologist at cybersecurity provider Sophos, also recommends changing your Facebook password and enabling 2FA. “It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands (and you can bet your boots that the crooks are trawling through any old data they might have right now, to see if there is anything they missed before), then you can expect them to be abused. Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Ducklin said.

You can read Facebook’s full statement here.

Globe Prepaid eSIM finally available via GlobeOne app
Trending
Globe Prepaid eSIM finally available via GlobeOne app

LATEST SMARTPHONE IN THE PHILIPPINES

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 998 other subscribers

Article Under:

Avatar for Diangson Louie

This article was written by Louie Diangson, Managing Editor of YugaTech. You can follow him at @John_Louie.

Twitter | Facebook | YouTube | Instagram

Leave a Reply
JOIN OUR TELEGRAM DISCUSSION

Your email address will not be published. Required fields are marked *

cherry aqua series x yugatech
View All Reviews →
View All Guides →