Facebook stored millions of unencrypted passwords on its computer servers
Source: CBS News
Facebook on Thursday said it had for years stored millions of user passwords in plain text, a significant oversight for a company that remains in the spotlight for failing to protect users' privacy. A Facebook executive said in a post that the un-encrypted passwords were stored on internal servers and were not accessible to outsiders.
Despite such reassurances, privacy experts were quick to express concern: "Security rule 101 dictates that under no circumstances passwords should be stored in plain text, and at all times must be encrypted," said cybersecurity expert Andrei Barysevich of Recorded Future. "There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users' passwords in plain text."
The security blog KrebsOnSecurity said some 600 million Facebook users may have had their passwords stored in plain text. Facebook said it would likely notify "hundreds of millions" of Facebook Lite users, millions of Facebook users and tens of thousands of Instagram users of the issue.
Facebook said it discovered the problem in January. But according to Krebs, in some cases the passwords had been stored in plain text since 2012. Facebook Lite launched in 2015 and Facebook bought Instagram in 2012.
Read more: https://www.cbsnews.com/news/facebook-password-list-facebook-discovered-piles-of-unencrypted-passwords-on-its-servers/
sarcasmo
(23,968 posts)FormerOstrich
(2,703 posts)SOC I or II audits cuz that will damn sure get you dinged. Plain text? Tech company? Nope...marketing company that markets you (those with facebook accounts).
I'll never understand why anyone still has a facebook account....
wait for it.........."but I only use it to keep in touch with my family"..........the concerns don't concern me.
C Moon
(12,221 posts)defacto7
(13,485 posts)htuttle
(23,738 posts)How can they possibly pass PCI standards with crap like this??
Jedi Guy
(3,246 posts)I work in audit and compliance for a financial company. When I explain to people (especially managers...) what PCI compliance is and why it's important, I get mainly blank looks. The prevailing opinion is "we'll figure it out when the crisis happens." It's infuriating.
kimbutgar
(21,177 posts)Were pretending they were my frieinds.
moreland01
(740 posts)Facebook account on Sunday. I've had some of those moments where I pull down my bookmarks menu to open it and it's not there any longer and I say "Oh Yeah, I'm done with Facebook!". Other than that, I have't missed it. Good riddance!!!
sarcasmo
(23,968 posts)Socal31
(2,484 posts)I'm sure that no Facebook employees have ever abused their lax data policies and procedures to stalk a current, ex, or unrequited love interest, right?