Facebook Stored Hundreds of Millions of Passwords in Plain Text, Thousands of Employees Had Access

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Mar 21, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Facebook today announced that during a routine security review it discovered "some user passwords" were stored in a readable format within its internal data storage systems, accessible by employees.

    As it turns out, "some user passwords" actually means hundreds of millions of passwords. A Facebook insider told KrebsOnSecurity that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included, and Facebook claims many of the passwords came from Facebook Lite users.


    Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, but KrebsOnSecurity's source says 2,000 engineers or developers made around nine million internal queries for data elements that contained plain text user passwords.

    Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed. Facebook hasn't determined exactly how many passwords were stored in plain text, nor how long they were visible.

    Facebook plans to notify users whose passwords were improperly stored, and the company says that it has been looking at the ways certain categories of information, such as access tokens, are stored, and correcting problems as they're found.

    "There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.

    Facebook and Instagram users who are concerned about their account security should change their passwords, using unique passwords that are different from passwords used on other sites. Facebook also recommends users enable two-factor authentication.

     
  2. dannyyankou macrumors G3

    dannyyankou

    Joined:
    Mar 2, 2012
    Location:
    Scarsdale, NY
  3. johnalan macrumors 6502

    johnalan

    Joined:
    Jul 15, 2009
    Location:
    Dublin, Ireland
    #3
    Disgusting.


    Use privacy-enhancing tech or pay the price; in future, privacy will be currency.

    * GPG
    * Veracrypt
    * Monero
    * VPN
    * DuckDuckGo
    * Pi-hole
     
  4. givemeanapple macrumors Demi-God

    givemeanapple

    Joined:
    Oct 2, 2016
    Location:
    Earth
    #4
    I'm shocked at Facebook's lack of security!
    Said nobody.
     
  5. thadoggfather, Mar 21, 2019
    Last edited: Mar 21, 2019

    thadoggfather macrumors G4

    thadoggfather

    Joined:
    Oct 1, 2007
    #5
    I don't feel bad for Zuckerberg for a second over the autobahn speed dumpster fire car crash that is Facebook that none of us can look away from.

    Karma is so frigging beautiful. And to think, the demise of Zuck/FB is only in its earliest phase. Popcorn.gif

    Good luck with that new privacy-centric platform pitch too, credible Lizardman! ;)

    He'll be lucky to go the way of Tom; irrelevant. In more likelihood, jail time and litigation issues / scandals piling up until his old age. He certainly will not have gotten the last laugh, proverbially speaking.

    I think in the end, Tom wasn't just everyone's friend on MySpace, he was indirectly everyone's friend IRL.

    The platform caving on itself was a great 'avant-garde' gift to humanity; Nobel Peace Prize worthy imo!

    And while I engage in debate often in polarizing pol threads, I think we *all* can rally behind the fact both sides are equally furious (for different reasons) at Facebook... Maybe that's the sort of common ground unity we need?
     
  6. wesleypitts macrumors member

    wesleypitts

    Joined:
    Apr 22, 2015
    Location:
    Los Angeles, CA
    #6
    How is this company not being criminally prosecuted?
     
  7. BWhaler macrumors 68030

    BWhaler

    Joined:
    Jan 8, 2003
  8. omihek macrumors 6502

    omihek

    Joined:
    May 3, 2014
    Location:
    Salt Lake City, UT
  9. mi7chy macrumors 603

    mi7chy

    Joined:
    Oct 24, 2014
    #9
    Almost as bad as MacOS no root password.
     
  10. SourceSunTom macrumors 6502

    SourceSunTom

    Joined:
    Jul 7, 2016
    Location:
    France
    #10
    What the... I mean it's Facebook, shouldn't be surprised
     
  11. Jim Higgins macrumors member

    Jim Higgins

    Joined:
    Sep 6, 2018
    #11
    Permanently delete your FB account. Burn Facebook to the ground!
     
  12. AngerDanger macrumors 601

    AngerDanger

    Joined:
    Dec 9, 2008
  13. JimmyBanks6 macrumors regular

    JimmyBanks6

    Joined:
    Oct 4, 2017
    #13
    While many are saying "is anyone surprised" I actually am at this.

    This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?

    That is absolutely surprising and shameful and there is no excuse from them that is acceptable.
     
  14. crawfish963 macrumors 6502a

    crawfish963

    Joined:
    Apr 16, 2010
    Location:
    Texas
    #14
    So glad I deleted my (useless) Facebook account.
     
  15. Schwyz, Mar 21, 2019
    Last edited: Mar 21, 2019

    Schwyz macrumors regular

    Schwyz

    Joined:
    Apr 6, 2016
    Location:
    Up a tree
    #15
    This degree of gross incompetence and negligence I would not have expected from a company that competently and attentively sells their users' information to the highest bidder.

    But then again, I would.
     
  16. keysofanxiety macrumors G3

    keysofanxiety

    Joined:
    Nov 23, 2011
    #16
    And mine! Imagine Zucc sweating profusely as he's interrogated for his practices, then he eventually unzips his human skin and lizard-scuttles into a small crack in the wall to escape further questions.

    Imagine an animation of that. Some sort of, oh, I dunno, GIF.

    Boy, wouldn't that be something.
     
  17. chfilm macrumors 68000

    chfilm

    Joined:
    Nov 15, 2012
    Location:
    Germany
    #17
    It's getting better and better... I can smell the end of Facebook already.
     
  18. kaycrystal626 macrumors member

    kaycrystal626

    Joined:
    Oct 11, 2018
    #18
    Delete Facebook? Where are you going to go? Google+?
     
  19. thadoggfather, Mar 21, 2019
    Last edited: Mar 21, 2019

    thadoggfather macrumors G4

    thadoggfather

    Joined:
    Oct 1, 2007
    #19
    Deep State Facebook. Generally, they protect their own as often as they can, unless it's a 'CYA' situation like we're in in 2019.

    Facebook is such a leaky ship, the rats are scrambling while turning on each other. It's poetic.

    They're also the unsolicited pro bono prostitute 'putting out' -- giving private companies user data when they DIDN'T even ask for it (as best as we are aware right now). Does it get more reckless than that? Some people just want to watch the world burn, and I'd definitely include Lizardman in that.
     
  20. macduke macrumors G4

    macduke

    Joined:
    Jun 27, 2007
    Location:
    Central U.S.
    #20
    Honest question: Is there a worse company than Facebook?
     
  21. thadoggfather, Mar 21, 2019
    Last edited: Mar 21, 2019

    thadoggfather macrumors G4

    thadoggfather

    Joined:
    Oct 1, 2007
    #21
    So refreshing when you move past the twitch/subconscious habit of typing in facebook in the URL bar, to shave off all bloat that never mattered in the first place. Unplug from the Matrix, wake up in that slime covered egg womb, and get your time back.


    They'll be the Big Data Enron of this decade. History won't look fondly upon it.
     
  22. cmaier macrumors G5

    Joined:
    Jul 25, 2007
    Location:
    California
    #22
    Every turd knows you salt the password and hash it and never ever store anything other than the hash. The password should never even have been transmitted to Facebook, but that’s a whole other story.

    These guys should be shut down.
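
Added example, not part of the thread and not Facebook's code: it pairs the "salt the password and hash it" storage rule from post #22 with a log filter for the failure described in the first post, where applications logged passwords in readable form. PBKDF2-HMAC-SHA256 stands in for whatever slow password hash a site uses; the iteration count, the secret field names and the sample request line are assumptions constructed for the example.

```python
import hashlib
import hmac
import logging
import os
import re

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def hash_password(password: str) -> str:
    """Return 'salt$hash' in hex; the password itself is never stored."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

# Field names treated as secret are an assumption of this example.
SECRET_FIELD = re.compile(r"(?i)\b(password|passwd|pwd|access_token)=[^&\s]+")

def redact(text: str) -> str:
    return SECRET_FIELD.sub(r"\1=[REDACTED]", text)

class RedactSecrets(logging.Filter):
    """Scrub secret fields from a record before this logger's handlers run."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), ()
        return True

class ListHandler(logging.Handler):
    """Collects formatted messages in memory so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def demo():
    handler = ListHandler()
    log = logging.getLogger("login-demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.addFilter(RedactSecrets())
    # Constructed request line, not real traffic.
    log.info("POST /login %s", "email=alice@example.com&password=hunter2&next=/home")
    return handler.lines, hash_password("hunter2")
```

A filter like this is a backstop: the stronger control is for application code never to pass credential fields to a logger at all.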
     
  23. clayj macrumors 604

    clayj

    Joined:
    Jan 14, 2005
    Location:
    visiting from downstream
    #23
    Either regulate them or split them up. Enough of this BS.
     
  24. zakarhino macrumors demi-god

    zakarhino

    Joined:
    Sep 13, 2014
    Location:
    Berkeley
    #24
    Very grateful for this post. Thank you.
     
  25. B4U, Mar 21, 2019
    Last edited: Mar 21, 2019

    B4U macrumors 68020

    B4U

    Joined:
    Oct 11, 2012
    Location:
    Undisclosed location
    #25
    Never had an account to begin with and loathed them from the beginning.
    Now I just need to convince my pals to move out from WhatsApp and then I can give them the middle finger gesture. (Edit note: fixed a typo)
     
