Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security🔒 krebsonsecurity.com
You could definitely put this in the bucket of ‘Hey, people make mistakes’. I would be surprised if Facebook engineers intentionally stored passwords in plain text, but this data wasn’t just sitting on a server somewhere.
The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012.
The article says “logs showed some 2,000 engineers” accessed this data. How is it that nobody reported this? It’s much more concerning to me that none of these 2,000 engineers seemed to see this as a problem.Posted on March 21, 2019 →