Things are going from bad to worse for Facebook, which, after openly syndicating a live Christchurch massacre video, is now facing allegations after 600 million user passwords were found stored in plain text.
The passwords were also easily accessible to up to 20,000 employees, who could have copied them.
Security researcher Brian Krebs broke the news of the password data protection failures, which went back seven years to 2012.
In public comments, Facebook said it had discovered the issue in January as part of a routine security review. It now claims to have resolved what it calls a “glitch”.
It’s not known whether any disgruntled employee had access to the data.
In a detailed exposé, Mr Krebs said a Facebook source had told him about “security failures” that had let developers create applications that logged and stored the passwords without encrypting them.
“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” the company told Reuters.
But it added that it would enforce a password reset only if its taskforce looking into the issue uncovered abuse of the login credentials.
The news caps a long period of trouble for Facebook over the way it handles and protects user data.
In September last year, it said information on 50 million users had been exposed by a security flaw.
And earlier in 2018 it revealed that data on millions of users had been harvested by data science company Cambridge Analytica.
Source: https://www.channelnews.com.au/600-million-facebook-passwords-exposed-for-up-to-seven-years/403