NEWS 22 March 2019

Facebook glitch left passwords exposed internally

US – Facebook has fixed a glitch in its internal systems that left millions of user passwords exposed to the company’s employees.

Millions of users’ account passwords were stored in a readable plain text format that could have been accessed by 20,000 Facebook staff, according to cyber security blog KrebsOnSecurity, which first reported the news.

Citing an anonymous senior source at Facebook, the blog said an ongoing investigation at the firm indicates between 200 million and 600 million Facebook users may have had their account passwords stored in this way, with plain text password archives dating back to 2012.

Facebook said it became aware of the issue in January and has resolved the glitch.

“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” Pedro Canahuati, vice-president of engineering, security and privacy at the company, said in a blog post yesterday.

Any users who have been affected will be notified. Facebook estimates this will include “hundreds of millions of Facebook Lite users” – those using a version of Facebook in areas with low connectivity – as well as “tens of millions of other Facebook users, and tens of thousands of Instagram users”.