Facebook said on Thursday that millions of user account passwords had been stored insecurely, potentially allowing employees to gain access to people’s accounts without their knowledge.
The Silicon Valley company publicized the security failure around the same time that Brian Krebs, a cybersecurity writer, reported the password vulnerability. Mr. Krebs said an audit by Facebook had found that hundreds of millions of user passwords dating to 2012 were stored in a format known as plain text, which makes the passwords readable to more than 20,000 of the company’s employees.
Facebook said it had found no evidence of abuse and that it would begin alerting millions of its users and thousands of Instagram users about the issue. The company said it would not require people to reset their passwords.
The security failure is another embarrassment for Facebook, a $470 billion colossus that employs some of the most sought-after cybersecurity experts in the industry.
Brian X. Chen – New York Times – March 21, 2019.