Facebook Stored Millions of Passwords Without Any Encryption

Posted on March 22, 2019 by Mehedi Hassan in Social with 11 Comments

Facebook is back with another security problem.

This time, it’s your actual passwords. The company reported yesterday that it stored millions of user passwords in plain text, without any hashing/encryption. That meant your passwords were in a readable format, allowing Facebook employees to know your exact password with simple database queries.

Facebook says the passwords were not accessed by anyone from outside the company, and it hasn’t been abused internally, either. That still doesn’t change the fact that user passwords were completely accessible to Facebook employees internally.

Facebook isn’t sharing exactly how many users were impacted, but security research site KerbsOnSecurity reports that around 200-600 million users were impacted. It seems like the issue originated from Facebook’s Lite apps, a version of the company’s app that uses fewer resources. “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity,” the company said in a blog post.

Facebook insists the passwords weren’t exposed externally, and it “didn’t find any evidence of abuse” to date. So your account may have not been compromised, but the company will still notify affected users, suggesting them to change their passwords for safe measures.

Either way, with Facebook already going through so much privacy and security controversies, this just makes things worse. It’s almost like there’s a new Facebook security related problem every other week, and with the company shifting its focus to protect user data, this is not a good start.

Tagged with ,

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register