Facebook Stores Passwords in Plain Text

Filer, ID, Release: March 22,2019. For Immediate Release

Facebook is under more heavy scrutiny today. It was discovered that they have been unintentionally storing passwords in plain text for anywhere from 200-600 million users since 2012.

According to Facebook, there was a bug in one of their system updates that flawed their current hashing process. The passwords were hashed in their database but were occasionally captured in plain text by their logging system for some login/signup requests. Since the discovery, Facebook has created a task force to look into this issue and says the issue has been fixed. They also say they have seen no evidence that any of the passwords were compromised externally; however, the files were accessed by about 2,000 engineers and developers internal to Facebook.

Most companies that store user information use a process called hashing. This scrambles passwords and adds numerical values to the end of the hashed password. This helps make passwords more secure because hackers have a difficult time figuring out the password string. Encryption is an important lesson here as well.

Anyone worried about having their passwords exposed can do a few things to protect themselves. The first is two-factor authentication. “You can protect yourself from a breach by using a two-factor authentication, such as Google authenticator, or use Facebook’s two-factor authentication specifically for their site,” explained Pedro Baptista, Systems Administrator at SimplicIT Technical Solutions. Secondly, it is always smart to change all of your passwords after a compromise like this, especially if you use the same passwords on multiple platforms.

Facebook mentioned that there was no need to worry, but the likelihood of exposure has become too much of a chance to take in today’s cyber world, especially after Facebook experienced security breaches in the past, including stolen security tokens.

Facebook said that any users that were compromised will receive an email with a further explanation and what steps to take.

Contact info:

Name: Senate Eskridge, Business Development

Organization: SimplicIT Technical Solutions

Company URL: https://simplicittech.com/

Address: 400 Main Street, Filer, ID 83328

Phone: (208) 326-3800