Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

By now, it's difficult to summarize all of Facebook's privacy, misuse, and security missteps in one neat description.

It just got even harder: On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform.

Organizations can store account passwords securely by scrambling them with a cryptographic process known as hashing before saving them to their servers. This way, even if someone compromises those passwords, they won't be able to read them, and a computer would find it difficult, even functionally impossible, to unscramble them. As a prominent company with billions of users, Facebook knows that it would be a jackpot for hackers, and invests heavily to avoid the liability and embarrassment of security mishaps.

On April 18, four weeks after the initial disclosure, the company sharply revised the number of affected Instagram accounts upward.

Facebook now estimates that the incident caused "millions" of Instagram passwords to be stored in plaintext, rather than tens of thousands.

For such a prominent target, Facebook has had relatively few technical security failures, and in this case appears not to have been compromised. But the company's track record was severely marred by a breach in September, in which attackers stole extensive data from 30 million users by compromising their account access tokens, the authentication markers generated when a user logs in.

Facebook says that the plaintext password issue is now fixed, and that it doesn't think there will be long-term impacts from the incident, because the passwords were never actually stolen.

Original article
Author: Wired
