Facebook admits storing millions of passwords in plaintext

Facebook has admitted that it discovered hundreds of millions of user passwords stored in a readable format, or plaintext, within its internal data storage systems.

In a statement, Pedro Canahuati, Facebook VP Engineering, Security and Privacy, said that the company's login systems should have masked the passwords, and that the issue was discovered during a routine security review in January. He said that the passwords were never visible to anyone outside of Facebook and that the company has found no evidence to date that anyone internally abused or improperly accessed them. He also said that Facebook has fixed the issues and will notify affected users as a precaution.

The social media giant estimates that the issue affected hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.

A senior Facebook employee who spoke on condition of anonymity told KrebsOnSecurity that the initial investigation estimates that between 200 million and 600 million Facebook users might have had their passwords stored in plaintext, searchable by more than 20,000 Facebook employees. Some of the discovered archives of plaintext passwords even date back to 2012.

Although Facebook says that no passwords were exposed externally and that it has not found any evidence of abuse to date, the company still recommends changing your passwords on Facebook and Instagram, as well as enabling a security key or two-factor authentication (2FA) to keep your account secure.

Paul Ducklin, a senior technologist at cybersecurity provider Sophos, also recommends changing your Facebook password and enabling 2FA. “It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands (and you can bet your boots that the crooks are trawling through any old data they might have right now, to see if there is anything they missed before), then you can expect them to be abused. Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Ducklin said.

You can read Facebook’s full statement here.

This article was written by Louie Diangson, Managing Editor of YugaTech. You can follow him at @John_Louie.