Skip to main content

Facebook apps logged users’ passwords in plaintext, because why not

posted onMarch 22, 2019
by l33tdawg
Arstechnica
Credit: Arstechnica

Facebook has mined a lot of data about its users over the years—relationships, political leanings, and even phone call logs. And now it appears Facebook may have inadvertently extracted another bit of critical information: users' login credentials, stored unencrypted on Facebook's servers and accessible to Facebook employees.

Brian Krebs reports that hundreds of millions of Facebook users had their credentials logged in plain text by various applications written by Facebook employees. Those credentials were searched by about 2,000 Facebook engineers and developers more than 9 million times, according to a senior Facebook employee who spoke to Krebs; the employee asked to remain anonymous because they did not have permission to speak to the press on the matter.

In a blog post today, Facebook Vice President of Engineering, Security, and Privacy Pedro Canahuati wrote that the unencrypted passwords were found during "a routine security review in January" on Facebook's internal network data storage. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and, as a precaution, we will be notifying everyone whose passwords we have found were stored in this way."

Source

Tags

Facebook Security

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th