Facebook employees had access to 600 mn passwords stored in plain text, issue fixed

Facebook said that the issue has now been fixed but as a precaution, it will be notifying those affected.

Facebook just can't catch a break at the moment. As recently as yesterday, the social media giant suffered yet another setback. A glitch, or so Facebook wants us to believe, made hundreds of millions of users' passwords visible in plain text to Facebook employees.


The passwords were accessible to as many as 20,000 Facebook employees and dated back as far as 2012, cybersecurity blog KrebsOnSecurity said in its report.

Facebook immediately put up a blog post on its Newsroom for damage control and claimed that “these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” It also said that the issue has now been fixed but, as a precaution, the company will be notifying everyone whose passwords were exposed.

The number of users whose passwords had been compromised ranges from nearly 200 million to 600 million, said the report. The breach came to light after a senior Facebook employee familiar with the matter came forward on the condition of anonymity.

The cybersecurity blog states that the anonymous Facebook insider revealed that access logs of some 2,000 Facebook employees showed that nearly nine million internal queries were made for data elements that contained plain text user passwords.

Facebook said that it will be notifying hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.

Facebook Lite, which is a lighter version of the main Facebook app, is designed for areas with poor connectivity and for phones which have low-end specs. It would appear that users of Facebook Lite are the ones that have been affected the most.

Facebook software engineer Scott Renfro said in an interview with KrebsOnSecurity that Facebook first came to know about this situation back in January, when security engineers reviewing some new code saw passwords being logged in plain text.

“We have a bunch of controls in place to try to mitigate these problems, and we’re in the process of investigating long-term infrastructure changes to prevent this going forward,” said Renfro to KrebsOnSecurity. He has said that no Facebook password resets would be required.

How to change your Facebook password

On its blog, Facebook has explained in detail what it is doing to protect your passwords, which includes using a variety of signals to detect suspicious activity, introducing a physical security key to your account, two-factor authentication and more. Here's a small guide on how to change your password.

For desktop

Go to Settings -> Security and Login -> Change Password

For iOS and Android

Settings & Privacy -> Settings -> Security and Login -> Change Password

For Instagram

Settings -> Privacy and Security -> Password

This caps off a particularly tough month for Facebook, after federal prosecutors last week started an investigation into the data deals struck by the company with other tech giants around the world.

