Facebook Stored Up to 600 Million User Passwords in Plain Text Facebook engineers built applications that stored unencrypted passwords on internal servers which could be searched by over 20,000 employees.

By Matthew Humphries

This story originally appeared on PCMag

via PC Mag

It looks as though Facebook is in hot water once again today as it has been revealed up to 600 million Facebook users had their passwords stored in plain text on the social network's internal servers as far back as 2012.

As KrebsonSecurity reports, a Facebook source who asked for anonymity confirmed that between 200 and 600 million users had their passwords stored free of encryption on the company's servers. The data was being collected by a number of applications, leaving them available to view in plain text. The internal servers are accessible by over 20,000 employees, meaning any of them could have searched the list and potentially abused the data.

Facebook is thought to be carrying out an internal investigation to see how this managed to happen. What's of most concern is around 2,000 Facebook engineers are thought to have queried the password data over nine million times.

Scott Renfro, an engineer at Facebook, has confirmed to Krebs that Facebook users will be informed of what happened today, but that, "We've not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data." Before that happens, Facebook has been looking to see which, if any of the passwords have, "signs of abuse" because it's only those users that will need to be told to change their password. As it currently stands, no resets are expected to be necessary.

Facebook has known about the plain text passwords since January when a review carried out by security engineers noticed the passwords being logged. A task force was then created to review the situation and an investigation carried out so as to instigate, "long-term infrastructure changes to prevent this going forward."

A written statement from Facebook sent to Krebs states that notifications will be sent to, "hundreds of millions of Facebook light users, tens of millions of other Facebook users, and tens of thousands of Instagram users."

Matthew Humphries

Senior Editor

Editor's Pick

Related Topics

Social Media Facebook Passwords Cybersecurity

Most Popular

See all
Business News

Renowned Federal Judge, 96, Faces Yearlong Suspension For Refusing to Retire

Judge Pauline Newman, a highly respected figure in patent law, has been suspended for one year by her colleagues due to mounting concerns about her mental fitness.

By Madeline Garfinkle
Growing a Business

Do Unplug Days Lead to Productivity? The Answer May Surprise You.

Unplug Day are days when companies give employees the freedom to step away from their desks, attend zero meetings, and even take the day off entirely. This emerging trend is designed to combat burnout and promote work-life balance, and thus boost productivity.

By Gleb Tsipursky
Business News

Google Is Being Sued By the Family of a Man Who Died When Maps GPS Led Him Off a Broken Bridge

Philip John Paxson, 47, was found dead on September 30, 2022.

By Emily Rella
Business Plans

Is the 9-5 Lifestyle Over? How the Gig Economy Will Impact the Future of Work

As the gig economy grows, it is crucial for stakeholders, including governments, businesses and workers, to collaborate in crafting balanced regulations that safeguard the rights and well-being of gig workers while fostering innovation and adaptability.

By Kartik Jobanputra
Science & Technology

5 Mistakes I Learned to Avoid When Working With ChatGPT

What I learned from using ChatGPT for business purposes day-to-day across my content websites.

By Anat El Hashahar (Anne Moss)
Cryptocurrency / Blockchain

Why the Next Crypto Bull Run Will Be Like Nothing We've Ever Experienced

We are on the precipice of what could be the greatest transfer of wealth that has ever happened in human history.

By Solo Ceesay