Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access

Facebook today announced that during a routine security review it discovered "some user passwords" were stored in a readable format within its internal data storage systems, accessible by employees.

As it turns out, "some user passwords" actually means hundreds of millions of passwords. A Facebook insider told KrebsOnSecurity that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included, and Facebook claims many of the passwords came from Facebook Lite users.

facebooksecurity
Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, but KrebsOnSecurity's source says 2,000 engineers or developers made around nine million internal queries for data elements that contained plain text user passwords.

Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed. Facebook hasn't determined exactly how many passwords were stored in plain text, nor how long they were visible.

Facebook plans to notify users whose passwords were improperly stored, and the company says that it has been looking at the ways certain categories of information, such as access tokens, are stored, and correcting problems as they're found.

"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.

Facebook and Instagram users who are concerned about their account security should change their passwords, using unique passwords that are different from passwords used on other sites. Facebook also recommends users enable two-factor authentication.

Top Rated Comments

dannyyankou Avatar
30 months ago
Delete Facebook and delete your accounts
Score: 104 Votes (Like | Disagree)
wesleypitts Avatar
30 months ago
How is this company not being criminally prosecuted?
Score: 84 Votes (Like | Disagree)
JimmyBanks6 Avatar
30 months ago
While many are saying "is anyone surprised" I actually am at this.

This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?

That is absolutely surprising and shameful and there is no excuse from them that is acceptable.
Score: 47 Votes (Like | Disagree)
AngerDanger Avatar
30 months ago
Consider my mind blown.

Score: 35 Votes (Like | Disagree)
1050792 Avatar
30 months ago
I'm shocked at Facebook's lack of security!
Said nobody.
Score: 34 Votes (Like | Disagree)
johnalan Avatar
30 months ago
Disgusting.


Use privacy enhancing tech or pay the price, in future privacy will be currency.

* GPG
* Veracrypt
* Monero
* VPN
* DuckDuckGo
* Pi.hole
Score: 31 Votes (Like | Disagree)

Top Stories

Top Stories 63 Feature

Top Stories: Beats Studio Buds Announced, Apple Watch Series 7 Rumors, and More

Saturday June 19, 2021 6:00 am PDT by
The Apple news cycle started to move beyond WWDC this week, but that doesn't mean there still wasn't a lot to talk about, led by the official debut of the much-leaked Beats Studio Buds that might give us a hint of what to expect for the second-generation AirPods Pro. With no hardware announcements at WWDC, we also took a look at when we might finally see the long-rumored redesigned MacBook...
ios wifi settings

iOS Bug Causes Specific Network Name to Disable Wi-Fi on iPhones

Sunday June 20, 2021 4:15 am PDT by
A wireless network naming bug has been discovered in iOS that effectively disables an iPhone's ability to connect to Wi-Fi. Security researcher Carl Schou found that after joining a Wi-Fi network with the name "%p%s%s%s%s%n" his iPhone's Wi-Fi functionality was left "permanently disabled." Changing a hotspot's SSID did nothing to correct the problem, with even a reboot failing to make a...
macbook air orange

Apple Developing a Whole New Kind of MacBook Air

Monday June 21, 2021 2:15 am PDT by
Apple is believed to be working on a completely new, high-end version of the MacBook Air, according to recent reports. Bloomberg's Mark Gurman, who often reveals accurate insights into Apple's plans, has repeatedly discussed the company's work on a high-end MacBook Air. Apple analyst Ming-Chi Kuo and leaker Jon Prosser have also referred to a similar MacBook Air model. The high-end...
YouTube Picture in Picture Feature

YouTube Says iOS Picture-in-Picture Coming to All US Users

Friday June 18, 2021 9:41 am PDT by
After a long wait, YouTube for iOS is officially gaining picture-in-picture support, allowing all users, non-premium and premium subscribers, to close the YouTube app and continue watching their video in a small pop-up window. In a statement to MacRumors, YouTube says that picture-in-picture is currently rolling out to all premium subscribers on iOS and that a larger rollout to all US iOS...
maxresdefault

Video: 20 Annoyances Apple Fixed in iOS 15 and macOS Monterey

Friday June 18, 2021 11:36 am PDT by
With iOS 15 and macOS Monterey, Apple is adding several quality of life improvements, which are designed to address some of the complaints that people have had with these operating systems for years now. Subscribe to the MacRumors YouTube channel for more videos. In our latest YouTube video, we're highlighting some of our favorite "fix" features that address long-running problems in iOS and...
iOS 15 Users Underwhelmed Feature

Users Underwhelmed by iOS 15 and iPadOS 15, Survey Suggests

Monday June 21, 2021 7:17 am PDT by
Users appear to be underwhelmed by Apple's upcoming iOS 15 and iPadOS 15 updates, according to the findings of a new survey by SellCell. The survey asked 3,000 iPhone and iPad users, evenly split between men and women, aged 18 or over in the United States, what they thought of iOS 15, iPadOS 15, and the naming of the upcoming iPhone 13 lineup. Over 50 percent of all of the survey's...
purple iphone 12 and 12 mini

iPhone 12 Mini Production Reportedly Ended Earlier Than Expected Due to Relatively Low Sales

Monday June 21, 2021 7:07 am PDT by
Following widespread reports that the iPhone 12 mini has experienced poor sales performance, at least relative to other iPhone 12 models, Taiwanese research firm TrendForce today claimed that production of the device has already ended. According to TrendForce, the iPhone 12 mini "reached End-of-Life ahead of time" during the second quarter of 2021, suggesting that Apple will focus on selling ...
primeday2020 feature3

Amazon Prime Day: The Best Apple Deals

Monday June 21, 2021 6:15 am PDT by
Amazon's annual Prime Day event has officially kicked off today, beginning 48 hours of discounts, offers, and tons of savings across Amazon's storefront. This includes everything from home electronics to clothing, jewelry, video games, movies, and much more. Note: MacRumors is an affiliate partner with these vendors. When you click a link and make a purchase, we may receive a small payment,...
16 inch macbook pro m2 render

When Can We Expect the Redesigned MacBook Pros Now?

Wednesday June 16, 2021 7:11 am PDT by
With no sign of redesigned MacBook Pro models at this year's WWDC, when can customers expect the much-anticipated new models to launch? A number of reports, including investor notes from Morgan Stanley and Wedbush analysts, claimed that new MacBook Pro models would be coming during this year's WWDC. This did not happen, much to the disappointment of MacBook Pro fans, who have been...
space gray magic accessories trio

Apple Stops Selling Magic Accessories in Space Gray

Friday June 18, 2021 9:16 am PDT by
Apple this week stopped selling its Magic Keyboard with Numeric Keypad, Magic Mouse 2, and Magic Trackpad 2 accessories for the Mac in a Space Gray color, around three months after discontinuing the iMac Pro, which also came in Space Gray. Last month, Apple listed the Space Gray accessories as available while supplies last, and the company has now removed the product pages from its website...