BREAKING: Facebook Stored Passwords In Plain Text For Years…. Another Reason To #DeleteFacebook

Brian Krebs has an exclusive story on his blog, which for the record should be a must read for the security conscious out there, which details that Facebook hundreds of millions of passwords in plain text for years:

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook is probing the causes of a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012.

This is just mind blowing. And that’s not easy to say given Facebook’s security lapses have been blowing minds for over a year now. The fact that Facebook says that this hasn’t been exploited doesn’t mean anything. The fact that this problem exists illustrates yet again that Facebook when it comes to securing data is not to be trusted. Ever. They are too busy trying to make a buck off of their users to take any sort of reasonable steps to protect their user base. If this isn’t a reason to join team #DeleteFacebook, I don’t know what would be.

UPDATE: One thing that I forgot to mention is that you should change your Facebook password right now. Though deleting your Facebook account is another good option.

UPDATE #2: This statement from Facebook indicates that this affects Facebook Lite and Instagram users too.


3 Responses to “BREAKING: Facebook Stored Passwords In Plain Text For Years…. Another Reason To #DeleteFacebook”

  1. Corey Ruth Says:

    How does a tech company even let something like this happen? Wow.

  2. […] might recall that back in March,  those fine people at Facebook who happen to own Instagram has this happen to […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: