Facebook stored millions of users password in a readable format
Facebook said that these passwords were never visible to anyone outside the company and there has been no evidence of anyone internally that may have abused the data.
New Delhi Mar 23 : Facebook, the social media giant said on Thursday that it fixed a security issue where millions of passwords were stored in plain text and ‘readable’ format. According to reports, this issue was there for years, where it was searchable by thousands of its employees.
According to reports by KrebsOnSecurity, there were around 200-600 million Facebook users that may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees.
Facebook said in a blog post that as part of the routine security review in January the company had found that some user passwords were being stored in a readable format within its internal data storage systems.
Pedro Canahuati, VP Engineering, Security and Privacy at Facebook said, “We have fixed these issues and as a precaution will be notifying everyone whose passwords we found stored this way”.
Facebook went on to say that these passwords were never visible to anyone outside the company.
Facebook says that so far there has been no evidence of anyone internally that may have abused the data and the company plans on notifying this to hundreds of millions of Facebook Lite users along with Facebook users and Instagram users.
Facebook Lite is essentially used by people in regions with lower connectivity.
Facebook tweeted, “Out of an abundance of caution, we are telling people so that they can change passwords if they choose”.
Facebook earlier this month came under scrutiny for using phone numbers that were provided for security reasons like two-factor authentication for things like advertising and making users searchable by their phone numbers across its different platforms.
Facebook has adviced by saying, ” Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you”.
India TV Tech Desk