Facebook Plain-text Password Storage Controversy

Part of a series on Facebook / Meta.

Updated Mar 22, 2019 at 02:47PM EDT by Matt.

Added Mar 22, 2019 at 02:26PM EDT by Matt.

This submission is currently being researched & evaluated!

Overview

Facebook Plain-text Password Storage Controversy refers to the ongoing reaction to reports that Facebook stored hundreds of millions of users' passwords in plain text documents that could be viewed by the company's employees. The company has since confirmed the issue.

Background

On March 21st, 2019, the website KrebsOnSecurity[1] published an article entitled "Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years." The article states that "between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees." These passwords date back as far as 2012.

The piece states:

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Developments

Facebook Response

That day, in a blog post, Facebook[2] confirmed the issue and said that they would be notifying "everyone whose passwords we have found were stored in this way." The post continues:

These passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.

Online Reaction

The issue was discussed on several subreddits, including /r/webdev,[3] /r/worldnews,[4] /r/privacy/,[5] /r/The_Donald[6] and more. On March 21st, Redditor[7] apetrik posted about the controversy in the /r/news subreddit. The post received more than 7,100 points (97% upvoted) and 460 comments.

Media Coverage

The story was covered by various news media outlets, including Yahoo,[8] Wired,[9] TechCrunch,[10] NPR,[11] The New York Times,[12] The Daily Dot[13] and more.

On March 21st, CBS News published a story on the controversy.



Top Comments

classified

>"Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data."

But it'll be pretty damn easy once someone wishes to do so. This is very irresponsible for something as big as Facebook.

+20
CatsGoneWildVol4

I'm a total scrub of a coder, who has never even properly commercially made a website and only dabbled in PHP, Node.js and JavaScript for fun in my spare time AND EVEN I KNOW HOW TO HASH A PASSWORD BEFORE STORING IT IN A DATABASE.

I mean ffs that's like the absolute number 1 beginner level of basic security to protect your users' passwords and their accounts. Oh my god how bad do you have to be at your job to think storing passwords in plain text is even remotely OK?!

+11
