For Years, Hundreds of Millions of Facebook Users Had Their Account Passwords Stored in Plain Text and Searchable By Thousands of Facebook Employees (krebsonsecurity.com)
Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity reported Thursday. From the report: Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Facebook is probing the causes of a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That's according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press. The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012. Facebook has responded.
Another story on how Facebook doesn't care about privacy.
The amount of these is insane. Why is this still a company and not been shut down?
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
Is it incompetence, or a culture of entitled assholes?
So far, my take on Facebook is it's led by a self-entitled asshole, and that probably permeates the entire company ... we're Facebook, so fuck you, we'll do whatever we want.
This is a company which tracks you on almost every website unless you block them. Fuck that, I've blocked any of their domains and Zuckerfuck can kiss my ass and then fuck off.
Everything about Facebook says it is run by assholes, and by extension staffed by assholes.
I'm not giving them a pass on incompetence, I think they're pretty much a malicious entity who feels they have the right to any of your data with or without your consent.
The point is, passwords should never have been available in plaintext in the first place.
What the heck is wrong with them? The techniques for keeping passwords encrypted (or not holding them at all, just the hash) are well known in the business, and have been well known for decades.
http://www.geoffreylandis.com
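The failure described in the report (applications writing submitted passwords into internal logs) and the comment above about holding only a hash, sketched as an added example that is not from the article, Facebook, or any commenter. The field names, logger name and sample requests are constructed, and PBKDF2 with the work factor shown is an assumption standing in for whatever password-hashing function a site actually uses.

```python
import hashlib, hmac, io, logging, os, re

# Constructed list of field names treated as secrets in this example.
SECRET_FIELDS = ("password", "passwd", "pwd")
_SECRET_RE = re.compile(
    r'(?i)\b(%s)\b(["\']?\s*[=:]\s*)("[^"]*"|\'[^\']*\'|[^\s&,;}]+)'
    % "|".join(SECRET_FIELDS)
)
PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


class RedactSecrets(logging.Filter):
    """Scrub password-like key/value pairs before a handler writes the record."""

    def filter(self, record):
        record.msg = _SECRET_RE.sub(r"\1\2[REDACTED]", record.getMessage())
        record.args = None  # message is already formatted
        return True


def hash_password(password: str) -> bytes:
    """Return salt || derived key; the plaintext itself is never stored."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + key


def verify_password(password: str, stored: bytes) -> bool:
    salt, key = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, key)


def demo() -> str:
    """Log two constructed login requests and return what reached the log."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactSecrets())  # on the handler, so child loggers are covered
    log = logging.getLogger("login-demo")  # hypothetical logger name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    log.info("POST /login body=%s", "email=a@example.com&password=hunter2&next=/home")
    log.info('payload {"user": "a", "password": "hunter2"}')
    log.removeHandler(handler)
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

A pattern-based filter only catches the field names it knows about, so it complements, rather than replaces, keeping credentials out of log calls in the first place.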