Facebook has recently discovered a new security issue on its platform. The security issue came in the form of password storage – or more specifically, inadequate internal password storage, which could easily have opened millions of accounts up to hackers.
In a statement released by Facebook, the platform explained that:
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
The ‘readable format’ in question was plain text, which was used internally by Facebook employees. For reasons best known to them, Facebook had used this listing for certain tasks. Facebook says that there’s no evidence the data was shared with anyone outside of Facebook, and that they wouldn’t be able to read the information if it was, but it has been accessible to some 2,000 internal engineers and developers, which is a considerable vulnerability.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity.”
That last line though – “don’t worry; it was mostly poor people who were affected”.
According to estimates, about 600 million people and accounts were affected by this security issue, which means that those 600 million user passwords could potentially have been utilized by hackers. There’s no evidence of this happening, but then again, it was a vulnerability, and Facebook is now taking action to address it.
For now though, it is just another incident which raises questions over Facebook’s capacity to handle sensitive information and manage user privacy.
In acknowledging the issue, Facebook reiterated that:
“There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook.”