Facebook revealed on Thursday that, against security procedures, it mistakenly kept a copy of passwords for as many as 600,000 users (1/4 of all users) in a readable format within its internal data storage systems, visible to the company’s 20,000 employees, in some cases for almost seven years.
Instagram users are also affected by this security breach.
Recent news releases report that of the 20,000 employees with access to these passwords, 2,000 employees made more than 9 million queries for data that included those passwords, dating back to 2012.
USA Today wrote:
"Storing passwords in clear text is a terrible idea because it would allow employees and potential attackers who steal this data to easily use these passwords and potentially log on to other, non-Facebook-related services as well because users often reuse passwords," Kirda added. "If this data leaks out, or a Facebook employee who has access to this data ends up becoming malicious, having this data lying around might lead to other, easy account compromises that are not directly hosted on Facebook."
It's unconfirmed whether any consumers were harmed in this breach, but “the more people at Facebook who have access to this data, the greater the likelihood that someone will abuse that access,” Krebs says. “When you start getting into the realm of tens of thousands of employees with that opportunity over as much as seven years, the chances for harm or abuse would seem to go up considerably.”
Forbes reported that:
The company discovered the breach three months ago but was trying to keep it secret until a concerned whistle-blower leaked details to KrebsOnSecurity, which forced the company to make a hasty admission on Thursday.
Despite hundreds upon hundreds of millions of users having their passwords exposed to Facebook employees millions upon millions of times in the company’s latest breach, no-one is going to stop using Facebook.
There will be no mass exodus of users.
There will be no new laws or regulations.
There will be no meaningful fines or financial penalties.
There will be no consequences of any kind for the company.
The New York Times also noted:
A Facebook employee could have shared your password with someone else who would then have improper access to your account, for instance. Or an employee could have read your password and used it to log on to a different site where you used the same password. There are plenty of possibilities.
CQUniversity Australia engineering and technology lecturer Dr Jahan Hassan said Facebook’s latest glitch exposed users to a “high risk” of someone stealing their password to log into their personal accounts.
If the password ends up in bad hands, they can find out very personal information and anything can happen.
“The big problem you’ve got when you have a security incident like this is, it’s not just the security risk to that particular account – it’s that that particular account may also be a key into other parts of their life,” Dr Dreyfus said. “It could be used for their Gmail account, Twitter account, or it could go into the deep, dark abyss of their online financial banking institutions.”
In September last year, the company confessed a security flaw had exposed private information on 50 million users, and earlier in 2018, it revealed that data on millions of users had been harvested without their knowledge by data analytics company Cambridge Analytica.
** Always be sure to secure your accounts by changing your passwords regularly **