Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Jaap Arriens/Sipa USA via PA Images

Facebook admits its staff had access to millions of users' passwords

It said the passwords were stored in plain text on its internal servers.

FACEBOOK HAS ADMITTED that millions of passwords were stored in plain text on its internal servers – a security slip that left them readable by the company’s employees. 

The social media giant has, however, said there is no evidence that employees had abused access to the data. 

The passwords were stored on internal company servers and no outsiders could access them, Facebook said. 

“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” vice president of engineering, security, and privacy Pedro Canahuati said in a blog post.

The blunder was discovered during a routine security review earlier this year, he said. 

Canahuati has said the issues have been fixed. 

As a precaution, Facebook will notify everyone whose password was found stored in this way. 

“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users,” Canahuati said.

Facebook has reminded users of some steps they can take to keep their account secure:

  • You can change your password in your settings on Facebook and Instagram. Avoid reusing passwords across different services.
  • Pick strong and complex passwords for all your accounts. Password manager apps can help.
  • Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you.

This incident comes following an array of controversies centred on whether Facebook properly safeguards the privacy and data of its users. 

In April, Facebook revealed it believed that up to 87 million people’s data was improperly shared with the political consultancy firm Cambridge Analytica. 

Last September, the social media giant said that up to 50 million accounts were breached in a security flaw exploited by hackers.

Includes reporting by AFP

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
31 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds