Facebook says it stored millions of passwords in plain text


Facebook's vice president of engineering, security and privacy Pedro Canahuati said the unmasked passwords were found during a routine check of systems.

He said the problem affects tens of millions of Facebook users, tens of thousands of Instagram users and hundreds of millions of Facebook Lite users.

Users' passwords were being stored in an unencrypted format, and reportedly were accessible by 20,000 workers at the company.

Over half a billion Facebook users' passwords sat unsecured on the company's servers for years, the company has admitted, after an investigation uncovered the egregious bug - but it's OK, only Facebook employees could access them.

In a blog post addressing the issue, Facebook relays that it found no evidence that any employee improperly accessed said passwords. Not really. Still, given how much personal information people tend to store on Facebook, the idea of one's password being stored in plain text will likely not sit will with many.

Update, 11:43 a.m.: Facebook has posted a statement about this incident here. Facebook did not say for how long they had been storing passwords in this way.

Cyclone Ida leaves trail of destruction in Zimbabwe
Nyusi flew over areas that were otherwise accessible, and some of which had been hit by flooding before Cyclone Idai. The airport was set to reopen on Sunday as flights began taking off from the capital Maputo bound for Beira.

The company said it discovered the exposed passwords during a security review in January and launched an investigation.

He also mentioned use of other features Facebook offers to prevent someone from using stolen user credentials to log in to its services-including two-factor authentication (2FA) through the mobile application or via text message, or the use of a USB security key.

The outlet also recommended that users should change their password. In cases of previous security lapses, the site has proactively locked down affected users' accounts and demanded that they create a new password before they can regain access. The precise number of affected users hasn't been determined, but this is estimated to affect between 200 and 600 million accounts going back to at least 2012, according to the company's archives.

If you woke up this morning and thought to yourself, "Hey, it's been a minute since I last heard about Facebook security issues affecting millions of users in scary ways", then have we got some news for you.

"In jargon terms, they're known as plaintext passwords and it means that instead of seeing a password scrambled into a hashed form such as 379f1531753a7c43ab4f4faace212451, anyone looking at the stored data will see the actual password, right there, just like that", it says.