Not only is Facebook one of the most popular and
However, the California-based company has yet again suffered a major breach in its security. According to a report by KrebsOnSecurity, the passwords of 200 to 600 million users across three of its major platforms, including Facebook Lite and Instagram, were stored in a plaintext format, with some accounts dating back all the way to 2012. Put simply, this means that a number of Facebook employees were able to search for and access the passwords of the affected users.
The report, which also has inputs from a major source within the organisation, says that logs on the internal servers showed an estimated 9 million queries were made by 2,000 Facebook developers and engineers to access data that contained these plaintext user passwords. “The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds of affected users. Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse,” the source said in the report.
Pedro Canahuati, vice president of engineering, security, and privacy, released a statement which called for calm and assured users that the passwords were not accessed by anyone outside the organization, nor did anyone on the inside abuse or
The statement also said that the affected users will be notified about the breach. “In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them. There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” he added.
Twitter too dealt with a plaintext password bug in May 2018, but it did not require people to change their passwords, and the exposed passwords were available to a relatively smaller number of employees for a far shorter period of time. The norm for storing passwords is to scramble them using a cryptographic process called hashing. This keeps the passwords safe even if there is unauthorized access to the stored data. While Facebook claims that the problem has been solved, with so little room for error, a lapse like this virtually negates the heavy investments made to avoid security mishaps.
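The difference between the two storage approaches described above can be seen in a short sketch. This is an added example, not code from the report or from Facebook; the account names, the sample password, the scrypt cost parameters and the `search_store` helper are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password: str) -> dict:
    """Return the record to store: a per-user random salt and the scrypt digest."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    digest = hashlib.scrypt(password.encode("utf-8"),
                            salt=bytes.fromhex(record["salt"]),
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def search_store(store: dict, needle: str) -> list:
    """Hypothetical helper: what a plain text search over stored records finds."""
    return [user for user, record in store.items() if needle in str(record)]


# Constructed sample accounts (not real data); both users share one password.
ACCOUNTS = {"alice": "correct horse battery", "bob": "correct horse battery"}

# Plaintext storage: the record is the password itself.
plaintext_store = {user: {"password": pw} for user, pw in ACCOUNTS.items()}
# Hashed storage: only salt and digest are kept; the password is discarded.
hashed_store = {user: hash_password(pw) for user, pw in ACCOUNTS.items()}

if __name__ == "__main__":
    # Anyone with read access can search plaintext records for a password.
    print("plaintext hits:", search_store(plaintext_store, "correct horse"))
    # The same search over hashed records finds nothing.
    print("hashed hits:", search_store(hashed_store, "correct horse"))
    # Per-user salts make identical passwords produce different digests.
    print("digests differ:",
          hashed_store["alice"]["hash"] != hashed_store["bob"]["hash"])
    # Login still works: the service recomputes the digest and compares.
    print("login ok:", verify_password("correct horse battery", hashed_store["alice"]))
```

A slow, salted function such as scrypt is used here rather than a bare fast hash so that each guess against a copied record is costly.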