Facebook confirms millions of passwords compromised

Facebook confirms millions of passwords compromised

Facebook has confirmed thousands of their employees had been able to see hundreds of millions of user passwords for years after a security researcher posted about the issue online.

The social media giant violated fundamental computer security practices by storing passwords in readable plain text, instead of scrambling the passwords.

Facebook says only its employees had access to the readable passwords and that it had found no evidence that its workers abused or gained improper access to them.

Pedro Canahuti, Facebook's VP Engineering, Security and Privacy, issued a statement saying the company will contact hundreds of millions of users to inform them of the breach.

"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," Canahuti says.

"This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable.

"We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.

"We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users."

Facebook Lite is a version of the social network designed for people with older phones or low-speed internet connections, used primarily in developing countries. Facebook Lite launched in 2015 and Facebook bought Instagram in 2012.

Facebook has had major breaches in the past, most notably last September when hackers accessed more than 29 million accounts.

The latest security breach relating to passwords has raised questions about Facebook's ability to manage more complex encryption issues, like messaging.

Despite the assurances that there was no evidence of improper use of passwords, security experts have advised Facebook users to change their passwords.

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

SMEs urged to consider business insurance to mitigate financial risks
Partner Content
A single “bad luck” incident could cause financial disaster for many Australian sma...
Advertisement

Related Stories

Sydney open banking app Waave snapped up by UK fintech Banked

Sydney open banking app Waave snapped up by UK fintech Banked

More than a year after securing $4.7 million in a seed funding roun...

Appen returns to underlying profitability, rattles the tin for $50m to fund GenAI opportunities

Appen returns to underlying profitability, rattles the tin for $50m to fund GenAI opportunities

After pulling itself up by the bootstraps when a major contract fel...

Rumin8 gains approval in Brazil to test methane-reducing tech on world’s largest cattle herd

Rumin8 gains approval in Brazil to test methane-reducing tech on world’s largest cattle herd

Perth-based climate technology company Rumin8, which is backed by t...

Quantum computing group Q-CTRL secures $87m top-up for a record $167m Series B capital raise

Quantum computing group Q-CTRL secures $87m top-up for a record $167m Series B capital raise

Sydney-based quantum computing group Q-CTRL has expanded its Series...