In the market for an iPhone? Here's a breakdown of all the currently shipping iPhones from Apple.
Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access
Facebook today announced that during a routine security review it discovered "some user passwords" were stored in a readable format within its internal data storage systems, accessible by employees.
As it turns out, "some user passwords" actually means hundreds of millions of passwords. A Facebook insider told KrebsOnSecurity that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included, and Facebook claims many of the passwords came from Facebook Lite users.
Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, but KrebsOnSecurity's source says 2,000 engineers or developers made around nine million internal queries for data elements that contained plain text user passwords.
Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed. Facebook hasn't determined exactly how many passwords were stored in plain text, nor how long they were visible.
Facebook plans to notify users whose passwords were improperly stored, and the company says that it has been looking at the ways certain categories of information, such as access tokens, are stored, and correcting problems as they're found.
"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.
Facebook and Instagram users who are concerned about their account security should change their passwords, using unique passwords that are different from passwords used on other sites. Facebook also recommends users enable two-factor authentication.
As it turns out, "some user passwords" actually means hundreds of millions of passwords. A Facebook insider told KrebsOnSecurity that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included, and Facebook claims many of the passwords came from Facebook Lite users.
Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, but KrebsOnSecurity's source says 2,000 engineers or developers made around nine million internal queries for data elements that contained plain text user passwords.
Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed. Facebook hasn't determined exactly how many passwords were stored in plain text, nor how long they were visible.
Facebook plans to notify users whose passwords were improperly stored, and the company says that it has been looking at the ways certain categories of information, such as access tokens, are stored, and correcting problems as they're found.
"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.
Facebook and Instagram users who are concerned about their account security should change their passwords, using unique passwords that are different from passwords used on other sites. Facebook also recommends users enable two-factor authentication.
Tag: Facebook
[ 242 comments ]
Top Rated Comments
(View all)
11 months ago
While many are saying "is anyone surprised" I actually am at this.
This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?
That is absolutely surprising and shameful and there is no excuse from them that is acceptable.
This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?
That is absolutely surprising and shameful and there is no excuse from them that is acceptable.
11 months ago
Disgusting.
Use privacy enhancing tech or pay the price, in future privacy will be currency.
* GPG
* Veracrypt
* Monero
* VPN
* DuckDuckGo
* Pi.hole
Use privacy enhancing tech or pay the price, in future privacy will be currency.
* GPG
* Veracrypt
* Monero
* VPN
* DuckDuckGo
* Pi.hole
11 months ago
Every turd knows you salt the password and hash it and never ever store anything other than the hash. The password should never even have been transmitted to Facebook, but that’s a whole other story.
These guys should be shut down.
These guys should be shut down.
11 months ago
I dont feel bad for Zuckerberg for a second over the autobahn speed dumpster fire car crash that is Facebook that none of us can look away from.
Karma is so frigging beautiful. And to think, the demise of Zuck/FB is only in its earliest phase. Popcorn.gif
Good luck with that new privacy-centric platform pitch too, credible Lizardman! ;)
He'll be lucky to go the way of Tom; irrelevant. In more likelihood, jail time and litigation issues / scandals piling up until his old age. He certainly will not have gotten the last laugh, proverbially speaking.
I think in the end, Tom wasn't just everyone's friend on MySpace, he was indirectly everyone's friend IRL.
The platform caving on itself was a great 'avante-garde' gift to humanity; Nobel Peace Prize worthy imo!
And while I engage in debate often in polarizing pol threads, I think we *all* can rally behind the fact both sides are equally furious (for different reasons) at Facebook... Maybe thats the sort of common ground unity we need?
Karma is so frigging beautiful. And to think, the demise of Zuck/FB is only in its earliest phase. Popcorn.gif
Good luck with that new privacy-centric platform pitch too, credible Lizardman! ;)
He'll be lucky to go the way of Tom; irrelevant. In more likelihood, jail time and litigation issues / scandals piling up until his old age. He certainly will not have gotten the last laugh, proverbially speaking.
I think in the end, Tom wasn't just everyone's friend on MySpace, he was indirectly everyone's friend IRL.
The platform caving on itself was a great 'avante-garde' gift to humanity; Nobel Peace Prize worthy imo!
And while I engage in debate often in polarizing pol threads, I think we *all* can rally behind the fact both sides are equally furious (for different reasons) at Facebook... Maybe thats the sort of common ground unity we need?
[ Read All Comments ]
Apple intends to donate money in support of groups fighting the outbreak of the Coronavirus in China, Tim Cook said on Saturday.
Electron micrograph of coronavirus virions
In a morning tweet...
This week saw an interesting variety of Apple news and rumors, ranging from rumors about upcoming iPhone and iPad releases to Apple TV+ announcements to news that Adobe Flash support will finally be...
For this week's giveaway, we've teamed up with Choetech to offer MacRumors readers a chance to win a 61W USB-C power adapter and accompanying USB-C cable for charging a Mac or an iPad Pro.
...
Best Buy has kicked off a new 3-day sale as we head into the weekend, with discounts on MacBook Air, MacBook Pro, Beats products, and iPhone cases. This sale lasts through Sunday, January 26 at 11:59...
The App Store is experiencing a temporary outage that started at 7:30 a.m. Pacific Time, according to Apple's System Status website. Apple's site says that there's an unspecified ongoing...
Throwboy, known for its Iconic Pillow Collection featuring a selection of plush pillows designed to look like Apple devices, today launched a new selection of mini pillows called the "Pocket...
The Powerbeats Pro have returned to their lowest-ever price of $199.95 on Amazon, down from $249.95. This sale is the same one we've been tracking for the Powerbeats Pro since last fall,...
Samsung is said to be working on its own answer to AirDrop, Apple's ad-hoc service that lets users transfer files among Macs and iOS devices over Wi-Fi and Bluetooth.
According to XDA...
