Since 2012, Millions Of Facebook User Passwords Were Stored In Plain Text: Report

SUMMARY

Around 200 Mn-600 Mn users’ passwords may have been compromised

Facebook said it found the bug in January 2019 security review

Facebook Lite and Instagram users have also been affected

Menlo Park-headquartered social media giant Facebook has said that as part of a routine security review in January 2019, it found that some user passwords were being stored in a readable format within its internal data storage systems. However, the company has now fixed the issue and said it will be notifying the affected users.

The development comes after cybersecurity reporter Brian Krebs reported the breach, saying that the bug dated back to 2012. Although the company has not officially given the number of users affected, Krebs’ report said the investigation so far indicates that between 200 Mn and 600 Mn Facebook users may have had their account passwords stored in plain text and searchable by more than 20K Facebook employees.

The company said that it has found “no evidence to date that anyone internally abused or improperly accessed them,” but said it will notify “hundreds of millions of Facebook Lite users,” a lighter version of Facebook for users where internet speeds are slow and bandwidth is expensive, and “tens of millions of other Facebook users.”

The company also said “tens of thousands of Instagram users” will be notified of the exposure.

“In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we discovered them,” the company said.

Facebook also explained how it stores users’ passwords: “In security terms, we ‘hash’ and ‘salt’ the passwords, including using a function called ‘scrypt’ as well as a cryptographic key that lets us irreversibly replace your actual password with a random set of characters. With this technique, we can validate that a person is logging in with the correct password without actually having to store the password in plain text.”
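The scheme described in that statement can be sketched as follows. This is an added example, not Facebook's code: the scrypt cost parameters, the use of HMAC-SHA256 as the keyed step, and the names `SERVER_KEY`, `hash_password` and `verify_password` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters (about 16 MiB of memory per hash); not Facebook's.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

# Hypothetical server-side key. In a real deployment it lives in a KMS or HSM,
# never in the same datastore as the password records.
SERVER_KEY = secrets.token_bytes(32)


def _derive(password: str, salt: bytes, key: bytes) -> bytes:
    """Salted scrypt hash, then a keyed HMAC so the stored value is useless without the key."""
    stretched = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32,
    )
    return hmac.new(key, stretched, hashlib.sha256).digest()


def hash_password(password: str, key: bytes = SERVER_KEY) -> dict:
    """Return the only record that should ever be persisted: a per-user salt and a tag."""
    salt = secrets.token_bytes(16)  # unique per password, so equal passwords differ
    return {"salt": salt.hex(), "tag": _derive(password, salt, key).hex()}


def verify_password(password: str, record: dict, key: bytes = SERVER_KEY) -> bool:
    """Recompute the tag from the login attempt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["tag"])
    return hmac.compare_digest(_derive(password, salt, key), expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample password
    print(record)                                            # no plaintext in the record
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong guess", record))
```

The record returned by `hash_password` is the only thing that should reach storage; the plaintext exists only in memory for the duration of the call, which is the property that breaks when a password is also written to some other internal data store.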

At the same time, Krebs’ report said that some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

This is not the first time social media players have faced data concerns over users’ passwords. Earlier, Twitter and GitHub were hit by similar but independent bugs, in which passwords were stored in plaintext and not scrambled.

Facebook has been at the centre of data breach scandals over the last year, drawing concern from users as well as the government. The company has reportedly admitted the breach to European Union agencies under GDPR compliance rules. But it remains to be seen whether the Indian government summons the company again, seeking Indian users’ statistics, or whether Facebook gets out of the scandal unscathed again.
