Facebook: Hundreds Of Millions Of Account Passwords Stored In Plain Text

But only the employees had access to it.

Theoretically, the passwords you use online every day on secured web services are saved on computer servers, protected with encryption. As soon as you create it, they undergo a series of transformations known as hashing that makes them impossible to crack.

Theoretically again, your Facebook password is no exception and is saved on Facebook’s servers, a well-kept secret. But that’s when the theory stops and the error begins.

The blog (yes...blog) KrebsonSecurity, written by a former reporter at the Washington Post revealed on March 21 that Facebook, unfortunately, saved hundreds of millions of account passwords in plain text.

According to an employee who wishes to remain anonymous, a string of embarrassing security issues affecting certain Facebook-branded apps which saved these data on the company’s servers.

Facebook immediately reacted by admitting the security lapse and adding that one of the passwords were visible to anyone outside Facebook. "We have found no evidence to date that anyone internally abused or improperly accessed them", said VP for Privacy Pedro Canahuati.

However, the company admits that hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users are concerned by this error.

They should be notified in days to come. Meanwhile, users are advised to enable a two-factor authentification and change their password. Better be safe than sorry, especially if the same password is also used elsewhere online.


By Pierre Schneidermann, published on 22/03/2019