Facebook users told to change their passwords after huge security fail

Gerald Bowen
March 24, 2019

Tech analysts are scrutinizing Facebook after recent reports revealed that the social media company left millions of passwords readable by staff members.

Meanwhile, in its update, Facebook explained how user passwords are protected, reiterating that it "masks" them upon account creation so that no one within the company can see them.

In a security notification penned by vice-president of engineering, security, and privacy Pedro Canahuati and embarrassingly entitled 'Keeping Passwords Secure', Facebook has confirmed that 'as part of a routine security review in January' it discovered it had been storing 'some user passwords' in plain text format. The industry standard is to store only a salted one-way hash of the password, which can be compared to a hash of a submitted password for verification.

In September last year, it said information on 50 million users had been exposed by a security flaw. However, Facebook has officially stated that its own investigation has found that, so far, none of its employees has improperly accessed these plain text user passwords.

Facebook was relatively quick to react, saying it will notify its users of what happened.

According to a report by KrebsOnSecurity, Facebook has stored the passwords of around 200 to 600 million users in a readable format (plain text) on its internal servers for nearly seven years. It has also built applications that logged users' password data in plain text.
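As an added illustration (not code from Facebook or from the reports cited here), the Python sketch below shows the two controls this story turns on: storing only a salted one-way hash and verifying a submitted password against it, and scrubbing password values from log messages before they are written. PBKDF2-HMAC-SHA256, the iteration count, the field names matched and all function names are assumptions of this example.

```python
import hashlib
import hmac
import logging
import os
import re

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest). Only these two values are stored, never the password."""
    salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(submitted: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the submitted password with the stored salt and compare the hashes."""
    candidate = hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


# Matches password=..., "password": "...", passwd=..., pwd: ... inside log text.
_SECRET = re.compile(r'(?i)("?(?:password|passwd|pwd)"?\s*[=:]\s*)("[^"]*"|\S+)')


def redact(text: str) -> str:
    """Replace the value of any password-like field with a fixed marker."""
    return _SECRET.sub(r"\1[REDACTED]", text)


class RedactPasswords(logging.Filter):
    """Logging filter that scrubs password values before a record is emitted."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # the message is already fully formatted
        return True


if __name__ == "__main__":
    salt, digest = hash_password("correct horse")  # constructed sample password
    print(verify_password("correct horse", salt, digest))
    log = logging.getLogger("auth")
    log.addFilter(RedactPasswords())
    logging.basicConfig(level=logging.INFO)
    log.info("login failed user=alice password=%s", "hunter2")  # constructed line
```

A pattern-based filter only catches fields it knows by name, so it backs up, and does not replace, keeping credentials out of log calls in the first place.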

And its investigation showed that most of the people affected were users of Facebook Lite, the lightweight version for low-spec devices, which tends to be used in nations where net connections are sparse and slow. Despite this, Facebook says there is evidence that at least 2000 employees have searched through the files containing the passwords stored in plain text. Facebook Lite users, Facebook users and Instagram users will be notified.

"Don't use your Facebook password for any other login, particularly for personal/professional email accounts or online banking", said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited.

"The challenge for the hacker is that they still have to get to the system where the passwords are stored and that is a server somewhere inside the company".
