Users' passwords were being stored in an unencrypted format, and reportedly were accessible by 20,000 workers at the company.
Over half a billion Facebook users' passwords sat unsecured on the company's servers for years, the company has admitted, after an investigation uncovered the egregious bug - but it's OK, only Facebook employees could access them.
In a blog post addressing the issue, Facebook relays that it found no evidence that any employee improperly accessed said passwords. Not really. Still, given how much personal information people tend to store on Facebook, the idea of one's password being stored in plain text will likely not sit well with many.
Update, 11:43 a.m.: Facebook has posted a statement about this incident here. Facebook did not say for how long they had been storing passwords in this way.
The company said it discovered the exposed passwords during a security review in January and launched an investigation.
He also mentioned use of other features Facebook offers to prevent someone from using stolen user credentials to log in to its services, including two-factor authentication (2FA) through the mobile application or via text message, or the use of a USB security key.
The outlet also recommended that users should change their password. In cases of previous security lapses, the site has proactively locked down affected users' accounts and demanded that they create a new password before they can regain access. The precise number of affected users hasn't been determined, but this is estimated to affect between 200 and 600 million accounts going back to at least 2012, according to the company's archives.
If you woke up this morning and thought to yourself, "Hey, it's been a minute since I last heard about Facebook security issues affecting millions of users in scary ways", then have we got some news for you.
"In jargon terms, they're known as plaintext passwords and it means that instead of seeing a password scrambled into a hashed form such as 379f1531753a7c43ab4f4faace212451, anyone looking at the stored data will see the actual password, right there, just like that", it says.
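The difference the quote describes, shown as an added example (not code from Facebook or from the original article): the same credential stored as plaintext and as a salted, slow hash, with a check for what someone reading the stored record can see. The function names, the sample password and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example: PBKDF2-HMAC-SHA256, 16-byte random salt.
ITERATIONS = 600_000
SALT_BYTES = 16


def store_plaintext(user, password):
    """What a plaintext store or log line holds: the password itself."""
    return {"user": user, "password": password}


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_hashed(user, password):
    """Keep only a per-user salt and the derived hash, never the password."""
    salt = os.urandom(SALT_BYTES)
    return {"user": user, "salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify(record, candidate):
    """Re-derive from the candidate and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["hash"])
    return hmac.compare_digest(_derive(candidate, salt), expected)


def leaks_password(record, password):
    """True if anyone reading the stored record sees the actual password."""
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample value
    plain = store_plaintext("alice", pw)
    hashed_a = store_hashed("alice", pw)
    hashed_b = store_hashed("bob", pw)
    print("plaintext record readable:", leaks_password(plain, pw))
    print("hashed record readable:   ", leaks_password(hashed_a, pw))
    print("same password, same hash: ", hashed_a["hash"] == hashed_b["hash"])
    print("login still works:        ", verify(hashed_a, pw))
```

Because each record carries its own random salt, two users with the same password end up with different stored hashes, so a reader of the data cannot even tell which accounts share a password.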