Facebook in Hot Water as the Company Stored Millions of User Passwords Improperly for Years


It seems that Facebook is in “hot water” again as the company stored millions of user passwords improperly for years.

Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

What does it mean for you? It means that you need to change your Facebook password right now! It is still difficult to summarize all of Facebook’s privacy, misuse, and security missteps in one neat description.

On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform.

This means that thousands of Facebook employees could have searched for and found them. Krebs reports that the passwords stretched back to those created in 2012.

As a prominent company with billions of users, Facebook knows that it would be a jackpot for hackers, and invests heavily to avoid the liability and embarrassment of security mishaps. Unfortunately, though, one open window negates all the padlocks, bolts, and booby traps money can buy.

Cybersecurity expert Andrei Barysevich of Recorded Future explained:

“There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users’ passwords in plain text.”

The incident reveals yet another huge and basic oversight at a company that insists it is a responsible guardian for the personal data of its 2.2 billion users worldwide.

More Than 600 Million Facebook Users Are Vulnerable

According to the blog, it seems that Facebook may have left the passwords of some 600 million Facebook users vulnerable.

Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy, wrote in his statement:

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. Our login systems are designed to mask passwords using techniques that make them unreadable.

To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”

Have an Android Phone? Hackers Are Spying on You All the Time

A bug that has been present since 2013 allowed hackers to spy on users and gain access to their accounts. It was undiscovered for more than five years, and even now the fix for it is only for newer phones. Users with Android 7 or later should get the fix through Google Chrome updates; Android 5/6 requires a special update through the Google Play store. Older than that, and well, you’re out of luck.

Facebook software engineer Scott Renfro said the company wasn’t ready to talk about specific numbers (such as the number of Facebook employees who could have accessed the data).

Renfro said the company planned to alert affected Facebook users, but that no password resets would be required.

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data. In this situation what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

Facebook Coin to Replace US Dollar

Be that as it may, Facebook could be on the path to replacing the US Dollar with its own crypto asset as a global currency, claims Ted Livingston.

The founder and chief executive of the Kik messaging app projected the upcoming stablecoin project as a WeChat aspirant. He said that, like the Chinese messenger app, Facebook was attempting to move the US Dollar into a private online payment system. Such a system would not only make it easier for people to transfer money cheaply, but would also give them reasons to keep their money inside the messenger system.

Livingston thinks this could lead to a scenario where “just as WeChat replaced cash in China, Facebook could soon replace cash in India,” and then ‘Facecoin’ could become “the primary currency for billions of people” as it spreads.
