Facebook failed to encrypt passwords endangering 200mn to 600mn accounts


It's high time you changed your Facebook password. Facebook's own experts have not recommended it, but it is something you can do to steer clear of the latest data breach at the social networking giant, which has more than 2.5 billion active users and counting. The issue came to light after a senior executive at Mark Zuckerberg's Facebook reached out to KrebsOnSecurity to discuss it on condition of anonymity.

According to the report published by KrebsOnSecurity, many engineers and developers at Facebook developed applications that allowed them to store users' passwords in an unencrypted format, i.e. plain text, on internal company servers. Although the source strongly asserts that no illegal, unlawful or improper use of the passwords has been recorded yet, the ongoing internal investigation at Facebook reveals that as many as 200 million to 600 million Facebook users were affected by the data breach.

Further, since the passwords were available in an unencrypted format, more than 20,000 employees at Facebook could have searched for them. However, the source asserts that only 2,000 employees made around nine million queries related to elements that needed passwords in plain text format.

Facebook software engineer Scott Renfro stated that they aren't authorized to state the number of affected users. However, since the discovered passwords haven't been used in any wrongful way, there is no need to reset the passwords of affected users, and Facebook will contact those affected as well.

Renfro said that they haven't found any signs of misuse of the discovered data, which goes back as far as 2012. The data breach affected millions of Facebook and Facebook Lite users, as well as tens of thousands of Instagram users, since Instagram is Facebook-owned and accepts Facebook credentials to log into an Instagram account.

Per KrebsOnSecurity, Twitter and GitHub were discovered to have undergone a similar snafu in the past. The difference is that in those cases the data was available to a limited number of people over a short period of time, unlike at Facebook, which is large and where the data has been accessible for almost six years now.

Back in January this year, security engineers at Facebook were reviewing password-related code when they discovered that some passwords had been saved inadvertently. This set off a chain of actions to mitigate the issue, during which the social networking giant worked out, from its archives, the duration and the amount of data logged inadvertently on the internal servers.

Although engineers at Facebook haven't asked people to change their passwords, whether or not they were affected, a large number of experts assert that you must change the passwords of your profiles and accounts every now and then to steer clear of such breaches.
