600 Million Facebook Passwords Left Exposed For Years

2,000 FB engineers or developers made around 9 million internal queries on the data set that contained users’ passwords stored in plain text.

Facebook has been involved in many privacy and security scandals for years. From practicing controversial policies and misusing users’ data to losing tens of millions of users’ accounts to a group of hackers, FB has seen it all.

However, the latest incident has put an even bigger question mark on the cybersecurity practices and infrastructure of a company that deals with billions of users worldwide.

So, What Really Went Down?

Do you remember Twitter’s security mishap that happened last year? The social media company inadvertently stored users’ passwords in plain text because of a bug in its internal system.

Well, a similar incident transpired at Facebook. A senior FB source revealed to KrebsOnSecurity that the granddaddy of the social media industry had been storing hundreds of millions of users’ passwords in plain text, making them easily accessible and readable to the twenty thousand personnel working there, coming and leaving the office every day.

The bug affected not only Facebook users but FB Lite and Instagram users as well.

Once the news was made public via KrebsOnSecurity, the social media giant published its statement, confessing that it did store the passwords in a readable format.

Usually, companies deploy state-of-the-art cryptographic technologies to encrypt their users’ data. Because of that advanced encryption, the data remains safe even in the event of a data breach. In Facebook’s case, the company mentioned that the incident was caused by bugs in its internal mechanisms.

Moreover, Facebook’s vice president of engineering, privacy, and security mentioned in the statement that the team came across the bugs in January while carrying out a standard security review. And because of the complexities involved in the case, it took two months for the investigation to release its findings.

The Biggest Issue

The company claimed that it fixed the bug. However, that doesn’t ease users’ worries, since their passwords have been exposed to thousands of individuals for years. The company also said in its statement that the data wasn’t accessed by any individual outside the company. Plus, it gave assurance that no one from inside the company “abused or improperly accessed” the data.

However, users on social media networks have voiced their concerns about why the 2,000 employees who queried the data never triggered any flag. In fact, some users also discussed the possibility that any of the employees could have used the credentials to log in after disabling location tracking or using incognito mode.

Though the social media company has stated that it would notify the Facebook Lite, Facebook and Instagram users who were affected, it is better to change your FB password just to be on the safe side.

An information security analyst in the making, a father of an adorable kid and a technology writer (Contributor). He can be found lurking around top network security blogs, looking for scoops on information security and privacy trends.
