Technology
Facebook stored passwords in plain text for hundreds of millions of users
Image: Florian Gaertner/Photothek via Getty Images
Hundreds of millions of Facebook users’ passwords were stored in plain text, completely searchable by Facebook employees for years.
Some users had their passwords stored in plain text as early as 2012, according to a senior Facebook source who spoke to . The source, speaking on condition of anonymity, says that somewhere between 200 million and 600 million Facebook users were affected. More than 20,000 Facebook employees would have had access to these plain text passwords.
Shortly after KrebsOnSecurity published its story, Facebook by its vice president of engineering, security and privacy, Pedro Canahuati. He states that the company first discovered the issue during “a routine security review in January.”
The users most affected by the security lapse are those who use the social network’s “lower connectivity” client, Facebook Lite. The company estimates that hundreds of millions of Facebook Lite users and tens of millions of “other” Facebook users had their passwords stored in plain text. Tens of thousands of Instagram users also were also affected.
Facebook claims that no one outside of the company was able to view the passwords and that it has found no evidence that anyone working at the social network “abused or improperly accessed them.” According to KrebsOnSecurity’s source, around 2,000 engineers or developers queried data that contained plain text passwords approximately 9 million times.
“We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way,” stated Canahuati.
At this point, Facebook is no stranger to security failures. In one recent breach reported in October 2018, personal information of tens of millions of Facebook users were by hackers. Just two months later, the company shared that millions of its users’ photos to third-party developers who never had permission to view them in a completely separate breach.
Facebook is not forcing affected users to change their passwords at this time.
Every Samsung Galaxy Unpacked announcement, including S25 phones
10 Sundance films you should know about now
What drives John Cena? The ‘What Drives You’ host speaks out
‘The Brutalist’ AI backlash, explained
OnePlus 13 review: A great option if you’re sick of the usual flagships
‘Night Call’ review: A bad day on the job makes for a superb action movie
How ‘Grand Theft Hamlet’ evolved from lockdown escape to Shakespearean success
If TikTok is banned in the U.S., this is what it will look like for everyone else
‘One of Them Days’ review: Keke Palmer and SZA are friendship goals
‘Back in Action’ review: Cameron Diaz and Jamie Foxx team up for Gen X action-comedy
What’s new to streaming this week? (Dec. 27, 2024)
2025’s public domain works and how you can use them, from Popeye to ‘The Sound and the Fury’
The greatest ’90s films on Prime Video
How to watch ‘Wicked’ at home: Release date, streaming deals, and more
CES 2025 highlights: 12 new gadgets you can buy already
‘American Primeval’ review: Can Netflix’s grimy Western mini-series greatest ‘Yellowstone’?
Tesla launched the new Model Y in China. Here’s what you need to know
Eight ways Mark Zuckerberg changed Meta ahead of Trump’s inauguration
Meta ditches fact-checking for community notes ahead of second Trump term
Space calendar 2025: Here are the moments you won’t want to miss
Every Samsung Galaxy Unpacked announcement, including S25 phones
10 Sundance films you should know about now
What drives John Cena? The ‘What Drives You’ host speaks out
‘The Brutalist’ AI backlash, explained
OnePlus 13 review: A great option if you’re sick of the usual flagships
‘Night Call’ review: A bad day on the job makes for a superb action movie
How ‘Grand Theft Hamlet’ evolved from lockdown escape to Shakespearean success
If TikTok is banned in the U.S., this is what it will look like for everyone else
‘One of Them Days’ review: Keke Palmer and SZA are friendship goals
‘Back in Action’ review: Cameron Diaz and Jamie Foxx team up for Gen X action-comedy
-
Entertainment7 days agoWhat’s new to streaming this week? (Jan. 17, 2025)
-
Entertainment6 days agoExplainer: Age-verification bills for porn and social media
-
Entertainment6 days agoIf TikTok is banned in the U.S., this is what it will look like for everyone else
-
Entertainment6 days ago‘Night Call’ review: A bad day on the job makes for a superb action movie
-
Entertainment6 days agoHow ‘Grand Theft Hamlet’ evolved from lockdown escape to Shakespearean success
-
Entertainment6 days ago‘September 5’ review: a blinkered, noncommittal thriller about an Olympic hostage crisis
-
Entertainment6 days ago‘Back in Action’ review: Cameron Diaz and Jamie Foxx team up for Gen X action-comedy
-
Entertainment6 days ago‘One of Them Days’ review: Keke Palmer and SZA are friendship goals
