Facebook seems to be courting one controversy after another, and things do not seem to be going well for the social media giant. In yet another serious goof-up, Facebook mistakenly stored “hundreds of millions” of passwords in plaintext, unprotected by encryption, as reported by The Guardian.
The company’s blog goes on to state that some of the passwords were stored in a readable format within the internal data storage systems.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution, we will be notifying everyone whose passwords we have found were stored in this way,” the blog adds.
According to the social media giant, “This latest lapse affected hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
Speaking about this latest lapse on Facebook's part, the vice-president for engineering, security, and privacy, Pedro Canahuati, said:
“We have found no evidence to date that anyone internally abused or improperly accessed the passwords, which were never visible to anyone outside of Facebook.”
Security reporter Brian Krebs, citing a senior Facebook insider, noted:
“Access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plaintext user passwords.”
The company takes care to ensure that, if passwords are hacked, they can’t be used and users’ data stays safe. As per the company’s blog, the passwords are ‘hashed’: this process transforms each password into a unique ‘hash’, which means that even two identical passwords will produce different ‘hashes’.
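Identical passwords only produce different hashes when each one is hashed together with its own random salt. The sketch below is an added example, not Facebook's code or code from the original article; scrypt, the cost parameters, the record format and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Cost parameters are illustrative assumptions, not Facebook's settings.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 1024 * 1024)


def unsalted_digest(password: str) -> str:
    """Plain SHA-256, the weak baseline: equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex', derived with a fresh 16-byte random salt."""
    salt = os.urandom(16)
    derived = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return f"{salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # a malformed record never verifies
    derived = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    first, second = hash_password(pw), hash_password(pw)
    # Without a salt, two users with the same password share one digest.
    print("unsalted digests equal:", unsalted_digest(pw) == unsalted_digest(pw))
    # With per-password salts, the stored records differ.
    print("salted records equal:  ", first == second)
    print("correct password:      ", verify_password(pw, first))
    print("wrong password:        ", verify_password("guess", first))
```

Only the salt and the derived hash are stored; the plaintext password exists in memory just long enough to be hashed, which is the property the incident described here broke.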
According to Krebs, around 600 million users could be affected—which accounts for nearly one-fifth of the company’s 2.7 billion users, but the social media giant has yet to confirm the figure.
Source: The Guardian