Facebook Stored Passwords in the Form of Plaintext on Server

Facebook Stored Passwords in the Form of Plaintext on Server


Once again Facebook Inc. is in trouble. After facing a year of arguments and conflicts, the company expected to see a new era in 2019. But unfortunately, the case is not that easy. The social media giant left hundreds of millions of user passwords as an open book on its internal server. The move left them vulnerable to potential misuse by employees and hackers. Also, it is an alarming oversight by the social platform. It has been reported that the passwords of Facebook users were vulnerable to 20,000 Facebook employees. Brian Krebs, the security researcher, exposed the news about the company’s failure while protecting user data.

According to the reports of Krebs on Security, the social media giant stored hundreds of millions of users’ passwords in the form of plain text. Even more, developers and engineers accessed the passwords stored on server millions of times. Krebs says around 200-600 million Facebook users affected due to the act. Pedro Canahuati, VP, Security, and Privacy Engineering at Facebook, confirmed the news on Thursday. He admitted that the company stored account passwords in plaintext for many years. Pedro said Facebook discovered the fact in January during a routine security checkup. The company has since verified the jaw-dropping security failure. Whereas, Facebook insists it has fixed the problem.

The company says it did not found any proof regarding data misuse by employees. The social media giant also revealed the passwords were not exposed out of the company. Thus it recommends users that there is no need to reset or change their passwords. The company says the problems affected users of Facebook, Instagram, and Facebook Lite. On the other hand, Krebs said up to 600 million users could be affected, i.e., about 20% from 2.7 billion Facebook users. In the end, the news arrives after an announcement about privacy by the CEO Zuckerberg. Recently, Facebook CEO revealed that the company was doubling down on privacy and assuring the safety of user data.

Leave a Reply

Your email address will not be published. Required fields are marked *