SoylentNews is people

Submission Preview

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Accepted submission by DannyB at 2019-03-21 17:49:50 from the deep seated insecurities and paranoia dept.
Security

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years [krebsonsecurity.com]

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee [ . . . . ]

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords. [ . . . . ]

Both GitHub [zdnet.com] and Twitter [krebsonsecurity.com] were forced to admit similar stumbles in recent months, but in both of those cases the plain text user passwords were available to a relatively small number of people.

[ . . . . ] the issue first came to light in January 2019 when security engineers reviewing some new code noticed passwords were being inadvertently logged in plain text.

If I had a Facebook account, I would be reassured by Facebook's reassuring reassurances.

