Facebook is at it again, showing utter negligence when it comes to safeguarding its users, not to mention disclosing breaches to them.
The social media company has admitted to storing the passwords of millions of users in plain text, where employees could see them.
The issue was first brought to light by cybersecurity journalist Brian Krebs earlier this week, but it wasn't until yesterday that Facebook confirmed the news in a blog post. Understand that this was a serious flaw in its systems that cropped up back in 2012, and we had no word about it, even though the flaw was discovered in January this year. That's not astonishing, considering the habit Facebook has made of not disclosing breaches and vulnerabilities until it's in some trouble.
Reports say the password data of anywhere between 200 million and 600 million Facebook users was exposed. The issue surfaced only recently because Facebook is investigating these incidents. Apparently, employees built applications that logged users' unencrypted passwords in plain text on internal company servers. The standard security practice is to store passwords only in scrambled form, using a process called hashing, but a number of things led to apps that weren't doing this.
Therefore, as many as 20,000 Facebook employees would have had access to those plain text passwords. Facebook says it's now starting to notify all the affected users, but a password reset won't be necessary. “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” says Pedro Canahuati, VP of Engineering, Security and Privacy, in a blog post.
At this point, we have such doubts about Facebook that it's hard to even take the company seriously anymore.
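The failure described above, applications writing passwords to internal logs instead of keeping only a hash, can be guarded against on both sides; the following is an added example, not code from Facebook or from the original article. The field names, logger name, iteration count and sample request bodies are all constructed assumptions.

```python
import hashlib, hmac, logging, os, re

# Constructed key names; extend to whatever your login forms and APIs use.
SECRET_FIELD = re.compile(
    r'''(?i)\b(password|passwd|pwd)\b(["']?\s*[=:]\s*)'''
    r'''("(?:\\.|[^"\\])*"|'[^']*'|[^&\s,}]+)''')

def redact(text):
    """Replace the value of any credential-like field with a marker."""
    return SECRET_FIELD.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Backstop on a handler: scrub records before they are written out."""
    def filter(self, record):
        record.msg, record.args = redact(record.getMessage()), ()
        return True

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, salt, digest):
    """Re-derive the digest from the attempt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class ListHandler(logging.Handler):
    """Collects formatted messages in memory so the demo can inspect them."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def demo():
    handler = ListHandler()
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("login_demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    # Constructed request bodies, as a careless debug statement might log them.
    log.info("POST /login body=%s", "email=alice@example.com&password=hunter2&next=/home")
    log.info('api call: {"user": "bob", "password": "two words"}')
    return handler.lines

if __name__ == "__main__":
    print("\n".join(demo()))
```

The filter is a safety net for log statements that slip through review; the primary control is to never pass request bodies or credential fields to a logger at all.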