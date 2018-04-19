from the text/plain;charset=oooops? dept.
Facebook Stored Millions of Instagram Passwords in Plain Text:
Facebook says it stored millions of Instagram users’ passwords in plain text, leaving them exposed to people with access to certain internal systems. The security lapse was first reported last month, but at the time, Facebook said it only happened to “tens of thousands of Instagram users,” whereas the number is now being revised up to “millions.” The issue also affected “hundreds of millions of Facebook Lite users” and “tens of millions of other Facebook users.”
Passwords are supposed to be stored in an encrypted format that allows websites to confirm what you’re entering without directly reading it. But as Krebs on Security first reported, various errors seem to have caused Facebook’s systems to log some passwords in plain text since as early as 2012. Facebook noticed the problem in January and said in March that the issue had been resolved.
Who could ever imagine imagine FaceBook treating users' passwords as if it were a game.
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee [ . . . . ]
My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords. [ . . . . ]
Both Github and Twitter were forced to admit similar stumbles in recent months, but in both of those cases the plain text user passwords were available to a relatively small number of people
[ . . . . ] the issue first came to light in January 2019 when security engineers reviewing some new code noticed passwords were being inadvertently logged in plain text.
If I had a Facebook account, I would be reassured by Facebook's reassuring reassurances.
(Score: 0) by Anonymous Coward on Friday April 19, @12:14AM
These cretins have some new data related mishap in the news every week. Sooner or later the US government will get off its ass and enforce the consent decree from 2011 and fine them untold billions of dollars. Until then FB will just keep doing what they want.