Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access

by

Facebook today announced that during a routine security review it discovered "some user passwords" were stored in a readable format within its internal data storage systems, accessible by employees.

As it turns out, "some user passwords" actually means hundreds of millions of passwords. A Facebook insider told KrebsOnSecurity that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included, and Facebook claims many of the passwords came from Facebook Lite users.

facebooksecurity
Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, but KrebsOnSecurity's source says 2,000 engineers or developers made around nine million internal queries for data elements that contained plain text user passwords.

Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed. Facebook hasn't determined exactly how many passwords were stored in plain text, nor how long they were visible.

Facebook plans to notify users whose passwords were improperly stored, and the company says that it has been looking at the ways certain categories of information, such as access tokens, are stored, and correcting problems as they're found.

"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.

Facebook and Instagram users who are concerned about their account security should change their passwords, using unique passwords that are different from passwords used on other sites. Facebook also recommends users enable two-factor authentication.

Tag: Facebook

Top Rated Comments

dannyyankou Avatar
dannyyankou
49 months ago
Delete Facebook and delete your accounts
Score: 104 Votes (Like | Disagree)
wesleypitts Avatar
wesleypitts
49 months ago
How is this company not being criminally prosecuted?
Score: 84 Votes (Like | Disagree)
JimmyBanks6 Avatar
JimmyBanks6
49 months ago
While many are saying "is anyone surprised" I actually am at this.

This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?

That is absolutely surprising and shameful and there is no excuse from them that is acceptable.
Score: 47 Votes (Like | Disagree)
AngerDanger Avatar
AngerDanger
49 months ago
Consider my mind blown.

Score: 35 Votes (Like | Disagree)
1050792 Avatar
1050792
49 months ago
I'm shocked at Facebook's lack of security!
Said nobody.
Score: 34 Votes (Like | Disagree)
johnalan Avatar
johnalan
49 months ago
Disgusting.


Use privacy enhancing tech or pay the price, in future privacy will be currency.

* GPG
* Veracrypt
* Monero
* VPN
* DuckDuckGo
* Pi.hole
Score: 31 Votes (Like | Disagree)
Read All Comments

Popular Stories

maxresdefault

Can't Get an iPhone 14 Pro? Here's Why You Should Wait for the iPhone 15 Ultra

Monday December 5, 2022 11:44 am PST by
Due to production issues at Apple supplier factories in China, the iPhone 14 Pro and iPhone 14 Pro Max are backordered and basically out of stock at every store. If you were planning to gift or receive an iPhone 14 Pro model for the holidays and didn't already get one, you're basically out of luck because they're gone until late December. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article202 comments
iPhone Measure Height

Newer iPhones Allow You to Measure Someone's Height Instantly — Here's How

Saturday December 3, 2022 10:23 am PST by
iPhone 12 Pro and Pro Max, iPhone 13 Pro and Pro Max, and iPhone 14 Pro and Pro Max models feature a LiDAR Scanner next to the rear camera that can be used to measure a person's height instantly in Apple's preinstalled Measure app. To measure a person's height, simply open the Measure app, point your iPhone at the person you want to measure, and make sure they are visible on the screen from...
Read Full Article132 comments
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
Read Full Article
14 vs 16 inch mbp m2 pro and max feature 1

Major RAM Upgrade Coming to Next-Generation MacBook Pro

Friday December 2, 2022 2:03 am PST by
The next-generation MacBook Pro models could feature faster RAM, according to a recent report from a reliable source. MacRumors Forums member "Amethyst," who accurately revealed details about the Mac Studio and Studio Display before those products were announced, recently provided information about Apple's upcoming 14- and 16-inch MacBook Pro models. The new machines are expected to feature...
Read Full Article
iOS 16

When Will iOS 16.2 Be Released?

Friday December 2, 2022 2:13 pm PST by
Apple in late October began testing iOS 16.2 and iPadOS 16.2 updates, providing betas to both developers and public beta testers. As of now, we've had four total betas, with the fourth beta having been released earlier this week. iOS 16.2 and iPadOS 16.2 are expected before the end of the year, and we thought we'd try to narrow down the launch timeline. With only four betas released since...
Read Full Article54 comments
apple ar headset concept 1

Kuo: Apple Headset Shipments Potentially Delayed Until Second Half of 2023

Sunday December 4, 2022 7:38 am PST by
Mass shipments of Apple's long-rumored AR/VR headset may be delayed until the second half of 2023 due to unspecified "software-related issues," according to the latest information shared today by tech analyst Ming-Chi Kuo. Apple headset render by Ian Zelbo Kuo said mass shipments of components for the headset are still likely to begin in the first half of 2023, but he believes that mass...
Read Full Article146 comments
iPhone 14 Pro Purple Side Perspective Feature Purple

iPhone 15 Pro Rumored to Have These 5 Exclusive Features

Saturday December 3, 2022 10:55 am PST by
While we're still around nine months away from Apple unveiling the iPhone 15 lineup, rumors already suggest that the higher-end Pro models will have even more exclusive features than usual compared to the standard models next year. There are currently at least five features rumored to be exclusive to iPhone 15 Pro models:A17 chip: iPhone 15 Pro models will be equipped with an A17 Bionic...
Read Full Article
nothing phone 2

Nothing Plans to Launch Smartphone in US to Take on Apple's iPhone

Monday December 5, 2022 12:38 am PST by
UK-based tech company Nothing plans to launch a smartphone in the US to directly compete with Apple's iPhone, according to a new report out today. In an interview with CNBC, Nothing CEO Carl Pei said the startup is in "early conversations" with American cellular carriers about launching a new phone in the US, but he stopped short of naming any of the carriers or the phone model. Nothing...
Read Full Article155 comments
introducing apple music sing

Apple Music Adding a Karaoke Experience With Apple Music Sing

Tuesday December 6, 2022 7:09 am PST by
Apple today announced Apple Music Sing, a new feature in Apple Music that lets users sing their favorite songs with adjustable vocals and more. Apple Music Sing will utilize Apple Music's real-time lyrics to allow users to sing to their favorite songs using adjustable vocals, background vocals, and duet view to allow more than one singer.Apple Music Sing includes: Adjustable vocals: Users...
Read Full Article90 comments