Facebook has admitted it stored up to 600 million customers’ passwords insecurely
Facebook had stored hundreds of millions of user passwords in plain text since 2012, meaning they could have easily been accessed and read by more than 20,000 of its employees.
The details: In a carefully worded statement, Facebook said it hadn’t found any evidence of abuse, but it promised to start alerting users about the issue. It said people would not need to reset their passwords (although some experts have advised they do so anyway).
You can also opt to receive notifications if an unfamiliar device logs into your account. It’s worth noting the leak was purely internal, so none of the passwords were exposed outside of Facebook’s walls.
Timing: Facebook announced the mishap yesterday in a blog post (innocuously titled “Keeping Passwords Secure”), roughly at the same time as cybersecurity researcher Brian Krebs reported it on his blog. However, Facebook originally found the issue back in January, which does make you wonder if the company would have reported it publicly if left to its own devices.
They just keep coming: This is yet another major embarrassment for Facebook, which spends vast sums of money employing top cybersecurity professionals. Storing passwords in plain text is a terrible practice from a security point of view, and you’d expect better from a company of Facebook’s size and wealth. It seems that not a week goes by without yet more bad news, from the fallout of the Cambridge Analytica scandal (a year ago last weekend) to the range of lawsuits it’s facing across the world.
Sign up here to our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.
Keep Reading
Most Popular
DeepMind’s cofounder: Generative AI is just a phase. What’s next is interactive AI.
“This is a profound moment in the history of technology,” says Mustafa Suleyman.
What to know about this autumn’s covid vaccines
New variants will pose a challenge, but early signs suggest the shots will still boost antibody responses.
Human-plus-AI solutions mitigate security threats
With the right human oversight, emerging technologies like artificial intelligence can help keep business and customer data secure
Next slide, please: A brief history of the corporate presentation
From million-dollar slide shows to Steve Jobs’s introduction of the iPhone, a bit of show business never hurt plain old business.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.