According to a report from Krebs on Security on March 21, Facebook has found a way to mishandle its users' data again. This time around, it appears that Facebook incorrectly stored user passwords and exposed that data to thousands of employees.
Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and then stored it in plain text on internal company servers, with no security for users' accounts and passwords. That is according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.
It’s estimated that, out of 600 million users, the account details and passwords of 200 million users are exposed, dating as far back as ones created in 2012. During this time period, over 20,000 employees at Facebook could easily search for and find the passwords without a problem.
Facebook says it’ll notify users affected by this, but it won’t require them to change their password as a result of the findings. Speaking to Krebs on Security, Facebook Software Engineer Scott Renfro said:
“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data. In this situation, what we’ve found is that there was no risk from these passwords, which were inadvertently logged. We don’t want to change the password; we only change it in a case where there has definitely been a sign of abuse, and to make sure we’re reserving those steps.”
Even if none of the passwords were used for malicious purposes, it’s incredible that stuff like this keeps happening with Facebook. We’ve heard the company talk about how it values its users’ privacy/security, but when stories like this continue to pop up, those reassurances mean less and less.