In some ways Facebook is a marvel of data management. In other ways…
Facebook’s year-long string of data management and privacy scandals continues with the latest report that the social media company has been storing user passwords in plain text for years. The passwords were accessible to as many as 20,000 Facebook employees.
Jacob Kastrenakes wrote about Facebook’s latest misstep for The Verge:
Between 200 million and 600 million Facebook users are believed to have been affected, according to Krebs, which first reported the security flaw. Facebook confirmed the issue in a blog post, titled “Keeping Passwords Secure,” and it said the company identified the problem in January as part of a security review. Facebook says it has fixed the issue and will notify everyone affected.
According to Facebook, there’s no evidence that plain text passwords were exposed outside of the company or that they were abused internally. As a result, users won’t be required to reset their passwords. The issue impacted “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” the company says.
Although there’s no evidence of abuse, at least 2,000 Facebook employees searched through the files containing passwords, though it’s not clear what for. The password logging reportedly started as early as 2012.
This is the latest in a string of bad security issues for Facebook. In October, a hacker was able to access personal information from 29 million accounts after stealing login tokens. Before that, hacked private messages from 81,000 users were found to have been put up for sale. And none of that is including the wide-scale improper data sharing issues that kicked off with Cambridge Analytica and started putting real pressure on the company to change its practices.
