Skip to Content
Silicon Valley

Facebook has admitted it stored up to 600 million customers’ passwords insecurely

March 22, 2019

Facebook had stored hundreds of millions of user passwords in plain text since 2012, meaning they could have easily been accessed and read by more than 20,000 of its employees.

The details: In a carefully worded statement, Facebook said it hadn’t found any evidence of abuse, but it promised to start alerting users about the issue. It said people would not need to reset their passwords (although some experts have advised they do so anyway).

You can also opt to receive notifications if an unfamiliar device logs into your account.  It’s worth noting the leak was purely internal, so none of the passwords were exposed outside of Facebook’s walls.

Timing: Facebook announced the mishap yesterday in a blog post (innocuously titled “Keeping Passwords Secure”), roughly at the same time as cybersecurity researcher Brian Krebs reported it on his blog. However, Facebook originally found the issue back in January, which does make you wonder if the company would have reported it publicly if left to its own devices.

They just keep coming: This is yet another major embarrassment for Facebook, which spends vast sums of money employing top cybersecurity professionals. Storing passwords in plain text is a terrible practice from a security point of view, and you’d expect better from a company of Facebook’s size and wealth. It seems that not a week goes by without yet more bad news, from the fallout of the Cambridge Analytica scandal (a year ago last weekend) to the range of lawsuits it’s facing across the world.

Sign up here to our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.

Keep Reading

Most Popular

This startup wants to copy you into an embryo for organ harvesting

With plans to create realistic synthetic embryos, grown in jars, Renewal Bio is on a journey to the horizon of science and ethics.

VR is as good as psychedelics at helping people reach transcendence

On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.

This nanoparticle could be the key to a universal covid vaccine

Ending the covid pandemic might well require a vaccine that protects against any new strains. Researchers may have found a strategy that will work.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.