Facebook admits that it stored at least 600 million passwords in plain text, with employees having access to the files for years
08/01/2019 // Vicki Batts // Views

Facebook is under fire yet again -- and this time, it's for leaving hundreds of millions of user passwords unprotected. Security researcher Brian Krebs reports that a company oversight left up to 600 million exposed because they were stored in plain text. Leaving the passwords in plain text format means that the information was readable and searchable among 20,000 Facebook employees.

Storing passwords in plain text is a huge security risk for anybody -- and when you've got 20,000 employees with access to an unprotected password storage bank, things can really start to look grim. According to the report, the plain text password issue could affect users of Facebook, Facebook Lite and Instagram --and in some cases, the password information dates as far back as 2012. While Facebook has gotten into an awful lot of trouble lately for selling data and violating user privacy, this is an issue that could have been entirely avoided -- had the proper security precautions been taken.

600 million passwords stored in plain text

Facebook officials say that they first became aware of this major security flaw back in January. As of March, the company was still working on notifying all users whose information had been compromised. According to Facebook, there is no evidence that the plain text password information has been abused or wrongly accessed.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," the company said in a statement.


Facebook software engineer Scott Renfro told Krebs, of Krebs On Security, that the passwords were "inadvertently logged" but that there is "no actual risk."  Because of the "low risk," Facebook said it was not requiring any users to reset their passwords.

"We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse," Renfro said.

After accidentally exposing 600 million passwords, you'd think Facebook would at least suggest users update their passwords for safety. But Big Tech seems to think itself invincible. While the folks at Facebook say there is no "evidence" that the passwords have been abused, the fact remains that they were indeed vulnerable.

Facebook was negligent

The report from Krebs reveals that the plain text passwords were linked to nine million internal searches conducted by 2,000 engineers. According to Krebs, this "bug" dates all the way back to 2012 -- and Facebook only just discovered it in  January 2019.

The truth about whether or not these passwords have been compromised may not come out until they're found on the dark web. Facebook claims there is no evidence the passwords were "internally abused," but the problem is that they were negligent -- they failed to employ basic security measures that even the smallest companies know to use.

Facebook has gotten a lot of much-deserved criticism for how reckless they've been with user data and privacy. The selling of user data has been a particularly sore spot for the social media company, and the company has faced repeated investigations for their behavior. While Facebook executives wax poetic about how important protecting user information is to them, their actions speak differently.

See more coverage of the latest controversies in tech at Glitch.news.

Sources for this article include:




Take Action:
Support Natural News by linking to this article from your website.
Permalink to this article:
Embed article link:
Reprinting this article:
Non-commercial use is permitted with credit to NaturalNews.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.
App Store
Android App
eTrust Pro Certified

This site is part of the Natural News Network © 2022 All Rights Reserved. Privacy | Terms All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing International, LTD. is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Truth Publishing assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published here. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
Natural News uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.