Summary
Facebook has fixed a security issue in which around 200 million passwords were saved in plain text in its database, in a 'readable' format that could be searched by thousands of its employees. According to a report by KrebsOnSecurity, around 200–300 million Facebook users might have had their account passwords stored in plain text, which made them searchable by around 20,000 Facebook employees. Facebook later claimed in a blog post that as a part of their routine security review in
Highlights:
- Facebook has fixed a security issue where millions of user passwords stored in plain, readable text format were searchable by thousands of its employees. "We have fixed these issues and as a precaution will be notifying everyone whose passwords we found stored this way," wrote Pedro Canahuati, VP (Engineering, Security and Privacy) at Facebook.
- "We have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users," the company said. "Out of an abundance of caution, we are telling people so that they can change passwords if they choose," Facebook tweeted.
- Facebook also came under scrutiny for asking its users for phone numbers for things like advertising and making users searchable by their phone numbers across platforms. It was similar to two-factor authentication (2-FA). "Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third-party authentication app. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you," Facebook had said.