Facebook stored hundreds of millions of passwords in plain text

Discussion in 'Current Events' started by Loublaze, Mar 21, 2019.

  1. Mar 21, 2019
    #1

    Loublaze ATLien

    Joined:
    Aug 30, 2009
    Messages:
    15,351
    https://www.cnn.com/2019/03/21/tech/facebook-password-database/index.html

    New York (CNN Business) Facebook is back with another mea culpa.

    This time, the company acknowledges that it mishandled sensitive passwords for hundreds of millions of its users, primarily those who use its Facebook Lite product. The disclosure casts doubt on the company's abilities to protect its users' information as it focuses more on privacy.
    On Thursday, Facebook (FB) said it didn't properly mask the passwords of hundreds of millions of its users and stored them as plain text in an internal database that could be accessed by its staff.
    The company said it discovered the exposed passwords during a security review in January and launched an investigation. Facebook did not say how long it had been storing passwords in this way.


    Facebook shared information about the security incident publicly soon after it was first reported by Krebs on Security.

    "To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," Pedro Canahuati, a Facebook vice president wrote on Thursday in a post titled, "Keeping Passwords Secure."

    He added that Facebook typically "masks people's passwords when they create an account so that no one at the company can see them."

    A Facebook spokesperson told CNN Business the password issue primarily but not exclusively affected systems associated with Facebook Lite. Hundreds of millions of users of Facebook Lite had been impacted, while tens of millions of regular Facebook users and tens of thousands of Instagram users were affected, the company said. Facebook Lite — a simplified version of Facebook designed to work on slower internet connections — is popular among people in parts of the world with less connectivity.
    Facebook said it will be notifying affected users.
    Keeping passwords hashed, or encrypted, is widely regarded as fundamental to cybersecurity.
    "Encrypting passwords is Security 101," said Marcus Carey, the CEO of Threatcare, an Austin cybersecurity company. "If they can't get the basic principles of cybersecurity right, they are surely failing on the tougher challenges."

    In Europe, Facebook is headquartered in Ireland, where it is regulated by the Irish Data Protection Commission. A commission spokesperson told CNN Business that Facebook had informed it of the issue and that it was awaiting further information. The commission currently has several investigations into Facebook's compliance with European data laws ongoing; the company could face fines upwards of $1 billion as a result of those investigations.

    The news comes days after the one year anniversary of the Cambridge Analytica scandal in which it was revealed that Facebook shared the personal data of as many as 87 million users with a political data firm. It's since been a year of near constant issues for Facebook, including reported criminal investigations, a possible record fine from the FTC, the departure of numerous high-ranking executives, regulatory scrutiny in the US and Europe, and a lengthy outage just last week.
    The company has faced a number of cybersecurity problems, too. In September, an attack on Facebook exposed the private profile information for nearly 50 million of the social network's users. In addition, Facebook announced in December it exposed the private photos of as many as 6.8 million users without their permission.

    Earlier this month, the company said it was pivoting to a privacy-focused model by adding end-to-end encryption to its various messaging services.


    Is anyone really surprised at this? Facebook has been getting sloppy lately but this is the social media platform with an owner who hacked into hundreds of thousands of user emails when he was a sophomore at Harvard. Big brother's biggest branch needs to tighten up.
  2. Mar 22, 2019
    #2

    The Firestarter Full Member

    Joined:
    Apr 8, 2010
    Messages:
    8,316
    This year is shaping to be even worse for Fakebook than the previous one. The big service disruption and now this gem. Seriously, how amateurish can this get for a web app that has billions of users? Storing passwords in plaintext...can't get dumber than that.

    If passwords are treated with such regard, I can't imagine what happens to juicier photos...probably they have wankathons.

    Fecking creeps.
  3. Mar 22, 2019
    #3

    VeevaVee despite the protests, wears Ugg boots

    Joined:
    Jan 3, 2009
    Messages:
    29,667
    They're a joke.
  4. Mar 22, 2019
    #4

    Carolina Red Moderator Staff

    Joined:
    Nov 7, 2015
    Messages:
    18,345
    Location:
    South Carolina
    They’re a clusterfeck.
  5. Mar 22, 2019
    #5

    Florida Man Cartoon expert and crap superhero

    Joined:
    Jan 24, 2014
    Messages:
    7,500
    Location:
    Florida, man
    Who here uses Facebook Lite? I've never heard of it before.
  6. Mar 22, 2019
    #6

    berbatrick Full Member Scout

    Joined:
    Oct 22, 2010
    Messages:
    11,820
    *raises hand*

    I had an old phone and it was faster to open.
  7. Mar 22, 2019
    #7

    Sky1981 Fending off the urge

    Joined:
    Apr 12, 2006
    Messages:
    21,067
    Location:
    Under the bright neon lights of sincity
    This is wow all over again

    Good job bliz. I'm gonna cancel my x years sub.

    Keep on playing and complaining.

    I don't use Facebook much these days, I just keep them on for existence and in case old friends wanna look me up.
  8. Mar 22, 2019
    #8

    Ian Reus Ended 14 years of Grand National sweepstakes

    Joined:
    Aug 22, 2014
    Messages:
    6,473
    Location:
    Belfast
    3 million of them were '1234'.
    And another 2 million were 'Password1'.
  9. Mar 22, 2019
    #9

    crappycraperson "Resident cricket authority" Scout

    Joined:
    Dec 26, 2003
    Messages:
    35,095
    Location:
    Interweb
    WTF. Even more than a decade ago, in the first demo project I created during my internship, encryption was used to store passwords in any database.
    Last edited: Mar 22, 2019
  10. Mar 22, 2019
    #10

    UweBein Full Member

    Joined:
    Sep 20, 2014
    Messages:
    1,897
    Location:
    Köln
    Supports:
    Chelsea
    me2
  11. Mar 22, 2019
    #11

    golden_blunder Site admin. Manchester United fan Staff

    Joined:
    Jun 1, 2000
    Messages:
    88,682
    Location:
    Dublin, Ireland
    Who cares?
  12. Mar 22, 2019
    #12

    Ian Reus Ended 14 years of Grand National sweepstakes

    Joined:
    Aug 22, 2014
    Messages:
    6,473
    Location:
    Belfast
    My mother, since she opens a new account every 3 months after being banned for racism.
  13. Mar 22, 2019
    #13

    vangagal Full Member

    Joined:
    Nov 28, 2015
    Messages:
    2,800
    Location:
    Far away from home
    Is anybody still using Facebook?
  14. Mar 22, 2019
    #14

    golden_blunder Site admin. Manchester United fan Staff

    Joined:
    Jun 1, 2000
    Messages:
    88,682
    Location:
    Dublin, Ireland
    Is your mum a racist?
  15. Mar 22, 2019
    #15

    Ian Reus Ended 14 years of Grand National sweepstakes

    Joined:
    Aug 22, 2014
    Messages:
    6,473
    Location:
    Belfast
    Yep. She's clueless mostly.
    She refused to get on a plane once because an Asian fellow was boarding. Even after being told he was Indian, she said, "he's still a Paki.
    I refuse to go out in public with her.
    Sorry, white that word out if it's not allowed.
  16. Mar 22, 2019
    #16

    golden_blunder Site admin. Manchester United fan Staff

    Joined:
    Jun 1, 2000
    Messages:
    88,682
    Location:
    Dublin, Ireland
    My mum once stopped in the street and stared at a black guy and said something like “look at that black guy!” really loud. Old ladies of a certain age in NI haven’t a clue
  17. Mar 22, 2019
    #17

    Ian Reus Ended 14 years of Grand National sweepstakes

    Joined:
    Aug 22, 2014
    Messages:
    6,473
    Location:
    Belfast
    Oh ffs. :lol:
    And to think we let them run loose in Spain once or twice a year.
  18. Mar 22, 2019
    #18

    golden_blunder Site admin. Manchester United fan Staff

    Joined:
    Jun 1, 2000
    Messages:
    88,682
    Location:
    Dublin, Ireland
    Oh my ma doesn’t go abroad, Portrush for her. She’s got dementia now so can’t travel anyway but the one and only time she flew was to go to America as my brother was graduating. I wasn’t there but apparently she went around talking loudly about black guys oblivious to the fact that they could hear her and may have been offended.
  19. Mar 22, 2019
    #19

    Ian Reus Ended 14 years of Grand National sweepstakes

    Joined:
    Aug 22, 2014
    Messages:
    6,473
    Location:
    Belfast
    My ma heads there every year too but apparently it's, "getting worse that bloody place."
  20. Mar 22, 2019
    #20

    Adisa likes to take afvanadva wothowi doubt

    Joined:
    Nov 28, 2014
    Messages:
    34,102
    Location:
    Birmingham
    I can't believe there isn't more pressure for Zuckerberg to go.