600M Facebook passwords were stored in plain text

1
Got mates that work for Facebook? I hope not :thumbdown:

Facebook Stored Up to 600M User Passwords in Plain Text

Facebook engineers built applications that stored unencrypted passwords on internal servers which could be searched by over 20,000 employees.


It looks as though Facebook is in hot water once again today as it has been revealed up to 600 million Facebook users had their passwords stored in plain text on the social network's internal servers as far back as 2012.

As KrebsOnSecurity reports, a Facebook source who asked for anonymity confirmed that between 200 and 600 million users had their passwords stored free of encryption on the company's servers. The data was being collected by a number of applications, leaving them available to view in plain text. The internal servers are accessible by over 20,000 employees, meaning any of them could have searched the list and potentially abused the data.

Facebook is thought to be carrying out an internal investigation to see how this managed to happen. What's of most concern is around 2,000 Facebook engineers are thought to have queried the password data over nine million times.

Scott Renfro, an engineer at Facebook, has confirmed to Krebs that Facebook users will be informed of what happened today, but that, "We've not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data." Before that happens, Facebook has been looking to see which, if any, of the passwords have "signs of abuse" because it's only those users that will need to be told to change their password. As it currently stands, no resets are expected to be necessary.

Facebook has known about the plain text passwords since January when a review carried out by security engineers noticed the passwords being logged. A task force was then created to review the situation and an investigation carried out so as to instigate, "long-term infrastructure changes to prevent this going forward."

A written statement from Facebook sent to Krebs states that notifications will be sent to, "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users."

Source: https://www.pcmag.com/news/367319/faceb ... plain-text


Re: 600M Facebook passwords were stored in plain text

3
"Facebook seems to have taken action into their own digital hands with a brand new tool that allows its (for now, only) UK users to report fake adverts. The special tool will work on the simple premise of reviewing and reporting an ad to a team of specially trained professionals that will take down the fraudulent advertising and prevent similar ones from ever popping up. This measure of security is mirrored by the latest FCA plan to ban all crypto derivatives to retail investors."

If only they'd strive to protect their users as much as they strive to protect themselves. :roll:

Re: 600M Facebook passwords were stored in plain text

4
mlawson71 wrote: Tue Jul 23, 2019 2:02 am If only they'd strive to protect their users as much as they strive to protect themselves. :roll:
Absolutely. God I hate Facebook. I haven't used my personal account for 5 years and I totally just want to remove and disassociate our Forex Station page from there but don't want to abandon our followers and not keep them up to date with our Daily Downloads.

I just don't want to be anywhere near this scummy company anymore.

Re: 600M Facebook passwords were stored in plain text

5
I agree. And what meaningful communication can happen through FB? People use it to keep in touch with relatives, but I have a phone for that? And if I don't keep in touch on the phone with a relative it's because I don't actually want or need to keep in touch with that person. I don't need my cousin ten times removed to know the minutiae of my personal life, nor do I need to know about theirs.

