
Facebook admits to storing hundreds of millions of user passwords in plain text

  • The social media giant has revealed that a large number of user passwords were stored in a ‘readable format’ in its internal systems.
  • Most of the passwords found belonged to users of Facebook Lite -- a smaller version of the Facebook app meant for low data usage.

Facebook has disclosed another major privacy issue on its platforms. In an official blog post, Pedro Canahuati, VP Engineering - Security and Privacy at Facebook, said that millions of user passwords were being stored in readable formats. This shocking admission comes days after the social media company’s Messenger application was reported to have a security flaw that revealed user data.

What happened?

  • Facebook revealed that millions of passwords of Facebook Lite and Facebook app users were stored in plain text.
  • Passwords of a significant number of Instagram app users were also stored in the same way.
  • The company blog also mentions that other information such as access tokens had problems that were resolved later.
  • In the disclosure, Facebook said that it has implemented security measures for storing passwords from then on.
  • As of now, Facebook has said that no security incidents have occurred due to this issue.

Passwords were not visible to outsiders

Canahuati explained that those ‘readable’ passwords were not visible to outsiders. “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” he wrote in the company statement.

The company said that it has boosted security measures for protecting all accounts on the platform. Furthermore, it has advised users to enable security keys or 2FA to secure their accounts from external attacks.
