An ongoing investigation has revealed that hundreds of millions of Facebook users had their account passwords stored in plain text and accessible to thousands of Facebook employees, according to a report from the security publication Krebs on Security.
A senior Facebook employee familiar with the investigation, speaking to Krebs on Security on condition of anonymity, confirmed that the company is probing a series of security failures in which Facebook employees built internal applications that logged unencrypted password data for up to 600 million users and stored it in plain text on internal company servers.
The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives containing plain text user passwords dating back to 2012.
In a statement, Facebook said: “As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution, we will be notifying everyone whose passwords we have found were stored in this way.”
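The failure described here is not an exotic one: the login path hashes the password, but some other internal application serialises the whole request into a log line, and the plain text copy ends up on disk where anyone with log access can read it. The following is an added example, not Facebook's code and not from the Krebs on Security report. It shows the naive logging that leaks the password, the redaction step that keeps credential fields out of log lines, a scanner of the kind a "routine security review" would run over existing logs to find plain text credentials, and the salted slow hash that is the "unreadable" storage form the statement refers to. The field-name list, the regex, and the sample request and log lines are all constructed for the example.

```python
"""Added example: how passwords leak into application logs, how to redact
them before logging, how to scan old logs for leaks, and how to store
passwords so they cannot be read back. Not Facebook's code."""
import hashlib
import hmac
import json
import os
import re
from typing import Any, Iterable, List

# Field names treated as credentials. This set is an assumption for the
# example; a real deployment would maintain it centrally.
SENSITIVE_KEYS = {"password", "passwd", "pass", "pwd", "secret", "token", "authorization"}
REDACTED = "[REDACTED]"


def log_request_naive(payload: dict) -> str:
    """The failure mode: the whole request body is serialised into the log
    line, so a login request leaves the password in plain text on disk."""
    return "login request: " + json.dumps(payload, sort_keys=True)


def redact(obj: Any, sensitive_keys=SENSITIVE_KEYS) -> Any:
    """Return a copy of obj with every value under a credential-like key
    replaced. Recurses through nested dicts and lists so a password buried
    in {'form': {'credentials': {'pwd': ...}}} is still caught."""
    if isinstance(obj, dict):
        return {
            k: REDACTED if str(k).lower() in sensitive_keys else redact(v, sensitive_keys)
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        return [redact(v, sensitive_keys) for v in obj]
    return obj


def log_request_safe(payload: dict) -> str:
    """Same log line, with credential fields removed before serialisation."""
    return "login request: " + json.dumps(redact(payload), sort_keys=True)


# Matches key=value and "key": "value" forms for credential-like keys in
# free-text log lines. Constructed for this example; tune to your log format.
_LEAK_RE = re.compile(
    r'(?i)\b(password|passwd|pwd|secret|token)\b\s*["\']?\s*[:=]\s*["\']?([^"\'\s,&}]+)'
)


def find_plaintext_credentials(lines: Iterable[str]) -> List[str]:
    """Return the log lines that appear to carry a credential value other
    than the redaction marker. This is the kind of review that surfaces
    archives of plain text passwords after the fact."""
    hits = []
    for line in lines:
        for m in _LEAK_RE.finditer(line):
            if m.group(2) != REDACTED:
                hits.append(line)
                break
    return hits


def hash_password(password: str, *, iterations: int = 600_000) -> str:
    """Store only a salted, deliberately slow hash. Format (an assumption for
    this example): pbkdf2_sha256$iterations$salt_hex$digest_hex. PBKDF2 is
    used because it is in the standard library everywhere; scrypt/argon2
    are preferable where available."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample login request; not real data.
    request = {"user": "alice", "password": "hunter2",
               "form": {"credentials": {"pwd": "hunter2"}}}
    print(log_request_naive(request))   # password visible in the log line
    print(log_request_safe(request))    # both copies replaced by [REDACTED]

    # Constructed sample log lines to scan.
    old_logs = [
        "POST /login password=hunter2&user=alice",
        log_request_safe(request),
        "GET /home 200",
    ]
    print("leaks:", find_plaintext_credentials(old_logs))

    stored = hash_password("hunter2")
    print(stored)                                # unreadable at rest
    print(verify_password("hunter2", stored))    # True
    print(verify_password("hunter3", stored))    # False
```

The redaction is applied to the structured payload before it is ever turned into a string, which is the only place it can be done reliably; grepping `hunter2` out of finished log lines is the scanner's job, not the logger's. Note also that redaction at the logging layer does not help if the logger is handed a pre-formatted string, so credentials should be redacted at the point where request objects are built, and the scanner run periodically over archived logs to catch the paths that were missed.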
Earlier in March, the company came under scrutiny from security and privacy experts for taking phone numbers that users had provided for security purposes such as two-factor authentication and using them for marketing and advertising, and for making users searchable by those phone numbers.
Image Credits: Naked Security