SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
Date    Friday March 22 2019, @02:22PM
Author    chromas
Topic   
from the deep-seated-insecurities-and-paranoia dept.
https://soylentnews.org/article.pl?sid=19/03/22/049250

DannyB writes:

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee [ . . . . ]

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords. [ . . . . ]

Both Github and Twitter were forced to admit similar stumbles in recent months, but in both of those cases the plain text user passwords were available to a relatively small number of people

[ . . . . ] the issue first came to light in January 2019 when security engineers reviewing some new code noticed passwords were being inadvertently logged in plain text.

If I had a Facebook account, I would be reassured by Facebook's reassuring reassurances.


Original Submission

Links

  1. "DannyB" - https://soylentnews.org/~DannyB/
  2. "Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years" - https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
  3. "Github" - https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/
  4. "Twitter" - https://krebsonsecurity.com/2018/05/twitter-to-all-users-change-your-password-now/
  5. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=32526

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years on 2024-03-28 13:12:26