Facebook And Instagram Stored Millions Of Passwords In Plain Text Format

Although Facebook suggests you to choose a strong and tricky password before creating a profile but it seems like that the company still doesn’t pay much attention to protecting them, once it gets into their database.

This has been finally proven, in a rather surprising confirmation from Facebook, that the platform kept on storing “hundreds of millions” of account passwords in a plain text for as long as you have been on the social media site.

In a blog post on Thursday, Facebook admitted about the security lapse and attached a report by cybersecurity expert Brian Krebs, which initiated the debate. Facebook’s VP Engineering, Security and Privacy, Pedro Canahuati revealed that the bug was first discovered in January this year during routine security review but fortunately, the passwords are still not visible to anyone outside Facebook.

On the other hand, according to Krebs, this has been happening since 2012 and Facebook was finally forced to take some action after he claimed that all the logs were accessible to almost 2,000 Facebook engineers and developers.

Canahuati went on to claim that Facebook’s login systems are designed in such a way that no one can ever read any password, including the internal team. The company uses special encryption methods (process which includes hashing) to give extra protection and they will soon figure out a better alternative to make the situation better.
Besides that, Facebook is also planning to notify every affected user; be it “hundreds of millions of Facebook Lite users,” who use Facebook Lite (an app) where internet speeds are slow and bandwidth is expensive, or all “tens of millions of other Facebook users”. However, none of them will be required to change their password as all of the plain text is in safe hands now, yet as a safety precaution "You can change your password in your [device] settings on Facebook and Instagram" and "Avoid reusing passwords across different services", said Canahuati.

Facebook hasn’t confirmed the overall figure of affected profiles but Krebs believe that they are 600 Million, making up for one-fifth of total 2.7 Billion Facebook users.

This is yet another nail in the coffin for Facebook’s Privacy case.

Facebook And Instagram Stored Millions Of Passwords In Plain Text Format

Read Next: Hoaxes On Facebook Are Creating Confusion Among Users

No comments:

Post a Comment