Social Media
Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext
Flip the “days since last Facebook security incident” back to zero.
Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years.
The discovery was made in January, said Facebook’s Pedro Canahuati, as part of a routine security review. None of the passwords were visible to anyone outside Facebook, he said. Facebook admitted the security lapse months later, after Krebs said logs were accessible to some 2,000 engineers and developers.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” said Canahuati. “We have found no evidence to date that anyone internally abused or improperly accessed them.”
Facebook said it will notify “hundreds of millions of Facebook Lite users,” a lighter version of Facebook for users where internet speeds are slow and bandwidth is expensive, and “tens of millions of other Facebook users.” The company also said “tens of thousands of Instagram users” will be notified of the exposure.
Facebook didn’t say exactly how the bug came to be. The company said it hashes and salts passwords — two ways of further scrambling passwords — to store passwords securely.
Twitter and GitHub were hit by similar but independent bugs last year. Both companies said passwords were stored in plaintext and not scrambled.
It’s the latest in a string of embarrassing security issues at the company, prompting congressional inquiries and government investigations. It was reported last week that Facebook’s deals that allowed other tech companies to access account data without consent was under criminal investigation.
It’s not known why Facebook took months to confirm the incident, or if the company informed state or international regulators per U.S. breach notification and European data protection laws. We asked Facebook but a spokesperson did not immediately comment beyond the blog post.
More soon…
Acer Chromebook Plus Spin 714 review
How to identify AI-generated videos
25 greatest sci-fi films on Hulu that you can watch right now
Menendez brothers case reignites online: The questions that keep resurfacing
‘A Real Pain’ review: Jesse Eisenberg and Kieran Culkin charm as odd-couple cousins
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
Is ‘The Substance’ streaming? How to watch at home
M4 MacBook Pro vs. M3 MacBook Pro: What are the differences?
When will we have 2024 election results online?
Social media drives toxic fandom. Is there a solution?
The 3 greatest October Prime Day robot vacuum deals — according to an expert
New to streaming, ranked (October 11, 2024)
‘Blitz’ review: Steve McQueen’s World War II epic dazzles but ultimately disappoints
3 signs of online grooming that are easy to miss
Huge NASA spacecraft is flying to a perilous part of the solar system
Elon Musk’s Community Notes: What to know about X users fact-checking him
‘The Franchise’ review: New HBO comedy asks if superhero films are ‘killing cinema’
October Prime Day: Shop the greatest deals from Amazon, Apple, Garmin, LG, and more
Prime Day vs. Black Friday: Which sales are better?
How to watch ‘Beetlejuice Beetlejuice’ at home: Release date, streaming deals, and more
Acer Chromebook Plus Spin 714 review
How to identify AI-generated videos
25 greatest sci-fi films on Hulu that you can watch right now
Menendez brothers case reignites online: The questions that keep resurfacing
‘A Real Pain’ review: Jesse Eisenberg and Kieran Culkin charm as odd-couple cousins
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
Is ‘The Substance’ streaming? How to watch at home
M4 MacBook Pro vs. M3 MacBook Pro: What are the differences?
When will we have 2024 election results online?
Social media drives toxic fandom. Is there a solution?
-
Entertainment6 days ago‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
-
Entertainment7 days agoPolling 101: Weighting, probability panels, recall votes, and reaching people by mail
-
Entertainment5 days agoWhen will we have 2024 election results online?
-
Entertainment6 days ago5 Dyson Supersonic dupes worth the hype in 2024
-
Entertainment4 days agoHalloween 2024: Weekend debates, obscure memes, and a legacy of racism
-
Entertainment5 days agoSocial media drives toxic fandom. Is there a solution?
-
Entertainment4 days agoIs ‘The Substance’ streaming? How to watch at home
-
Entertainment4 days agoM4 MacBook Pro vs. M3 MacBook Pro: What are the differences?
