Facebook on Thursday said that it had left millions of passwords exposed in plain text, potentially visible to the company’s employees.
This marks another privacy scandal for the tech giant which has been under the lens for privacy breaches of late.
Facebook said it believed the passwords were not visible to anyone outside of the company, and had no evidence that its employees “internally abused or improperly accessed them” — but said it would notify users of Facebook as well as its photo-sharing site, Instagram, that they had been affected.
Still, the revelation adds to a litany of recent privacy and security mishaps at Facebook, some of which have triggered investigations in the United States and European Union and could carry the risk of steep fines and other punishments.
Like most companies, Facebook said it stores passwords in a way that’s supposed to make them unreadable using a technique called hashing.
But a security check in January found that it was in an easily readable format. The users that were most affected were those using Facebook Lite which is suitable for areas with lower broadband speeds.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” said Pedro Canahuati, the company’s vice president of Engineering, Security and Privacy, in a blog post. “We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
In September, Facebook acknowledged that hackers had stolen information that may have allowed them to access 50 million user accounts. It logged out 90 million users from their accounts because of the security incident, which allowed hackers to access profile information including users’ names and their gender.
MARKETING Magazine is not responsible for the content of external sites.