Per a report from Krebs on Security on March 21, Facebook has — yet again — found a way to mishandle its users' data. This time around, it appears that Facebook incorrectly stored user passwords and made them exposed to thousands of employees.
Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That's according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.
It's estimated that between 200 million and 600 million users had their passwords exposed, dating as far back as to ones created in 2012. During this time, over 20,000 employees at Facebook could search for and find the passwords without a problem.
Facebook says it'll notify users affected by this, but it won't require them to change their password as a result of the findings.
Speaking to Krebs on Security, Facebook Software Engineer, Scott Renfro, said:
We've not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data. In this situation what we've found is these passwords were inadvertently logged but that there was no actual risk that's come from this. We want to make sure we're reserving those steps and only force a password change in cases where there's definitely been signs of abuse
Even if none of the passwords were used for malicious purposes, it's incredible that stuff like this keeps happening with Facebook. We've heard the company talk about how it values its users' privacy/security, but when stories like this continue to pop up, those reassurances mean less and less.
Read more
Facebook, Instagram, and Whatsapp are currently experiencing an outage
Facebook, Instagram, and Whatsapp are currently experiencing an outage with Europe and the East Coast of the U.S. being the most affected.
Facebook says it exposed millions of Instagram user passwords
Less than a month after Facebook exposed around 600 million of its users' passwords to employees, the company has quietly announced that Instagram accounts have been affected as well.
Facebook files patent infringement lawsuit against BlackBerry
The legal battle that started back in March between BlackBerry and Facebook has now escalated to Facebook returning legal fire in claims that BlackBerry infringed several Facebook patents.
Facebook has been sharing user data with 60 smartphone OEMs
A new report from The New York Times has now highlighted claims of Facebook sharing its users' data with at least 60 smartphone OEMs over the past ten years including BlackBerry, Apple, and Samsung.