According to Facebook, the passwords of hundreds of millions of users have been stored in clear text by Facebook, which exposes them for years. Krebs on security. Users' passwords are usually protected by encryption (a process called hash), but a series of errors has led some Facebook brand applications to leave passwords accessible to as many as 20,000 employees of the company.
It is estimated that 200 to 600 million Facebook users have been affected, according to estimates. Krebs, who reported for the first time the security breach. Facebook has confirmed the problem in a blog post, entitled "Keeping passwords secure", and said that the company had identified the problem in January as part of a security review. Facebook says that it has solved the problem and will inform everyone involved.
According to Facebook, there is no indication that unencrypted passwords have been revealed outside the company or that they have been abused internally. As a result, users will not be forced to reset their passwords. The problem has affected "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users," says the company. .
Although there is no evidence of abuse, at least 2,000 Facebook employees searched through files containing passwords, although the reason for their use is not clear. The registration of passwords would have started as early as 2012.
This is the latest in a series of security issues for Facebook. In October, a hacker was able to access personal information from 29 million accounts after stealing connection tokens. Previously, it had been found that 81,000 users of pirated private messages had been put on sale. And none of this includes the large-scale inappropriate data sharing problems that began with Cambridge Analytics and began to pressure the company to change its practices.