'Digital hygiene' urged after Facebook admits storing passwords in plain text

Alfred Osborne
March 22, 2019

To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. Another major gaffe has resulted in the passwords of "hundreds of millions" of Facebook users being exposed to more than 20,000 employees.

He said he was shocked to hear about Facebooks password security, "I would have assumed that they were way more sophisticated then that".

Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons - like two-factor authentication (2FA) - for things like advertising and making users searchable by their phone numbers across its different platforms.

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way.

However, referring to a senior Facebook employee familiar with the investigation, KrebsOnSecurity said that around 2,000 Facebook employees have made 9 million internal queries approximately, for data elements containing users' passwords.

Trump announces cancellation of new round of sanctions targeting North Korea
Trump walked out of that summit after refusing to agree to the North's demands of lifting all sanctions. The Treasury Department did not immediately respond to Fox News' request for comment.

Venezuelan forces detain Guaido's chief of staff
Guaido invoked the constitution in January to assume the interim presidency after declaring Maduro's 2018 re-election a fraud. Unfortunately, they have come for me. "Unless Maduro's usurpation ends, he and his cronies will be strangled financially".

Iowa Women Host Mercer in NCAA First Round
Ohio State is the No. 11 seed and will travel out west to Tulsa, Oklahoma to face the Big Twelve Tournament Champion Iowa State. Iowa State won the Big 12 Tournament title after beating Baylor, Kansas State and Kansas; all three are NCAA Tournament teams.

How Facebook Protect User's Password?

In security terms, we "hash" and "salt" the passwords, including using a function called "scrypt" as well as a cryptographic key that lets us irreversibly replace your actual password with a random set of characters. They have also built applications that logged plain text users' password data.

So far the inquiry has uncovered archives with plain text user passwords dating back to 2012, according to the report published this week by KrebsOnSecurity, a blog run by journalist Brian Krebs.

Facebook also asked people to change their passwords "out of an abundance of caution". It said people would not need to reset their passwords (although some experts have advised they do so anyway). The company, however, confirms that the victims include Facebook Lite users in a vast majority, alongside tens of millions of Facebook users, and at least tens of thousands of Instagram accounts that were affected.

All Facebook users are being urged to change their passwords after a massive security error on the world's biggest social media site.

Other reports by

Discuss This Article