Facebook Stored Millions of User Passwords in Unprotected Format, Was Available in Plain Text to Employees

Marisha Dolly Singh
Mark Zuckerberg wants governments to take a more active role in patrolling the internet. The Facebook CEO said that governments should formulate new laws in four areas to control harmful content on the internet.

Toronto, March 22: In another story of Facebook’s lax attitude towards protecting the data of its users, millions of passwords were reportedly stored in plain text format on internal servers and which were accessible by up to 2000 employees of the social network platform.

Also Read | New Zealand PM Jacinda Ardern Receives Death Threats on Social Media; Text Reads: 'You Are Next'

These passwords date back to 2012 and the ‘glitch’ which stored the passwords in plain text format was discovered only this January. Up to 600 million users of Facebook could have had their passwords compromised. Facebook’s review showed that most of the people affected were users of Facebook Lite, which tend to hail from nations where net connections are sparse and slow. “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users," the company told Reuters. Affected users will be directly notified. Read: Mark Zuckerberg's Emails From Leaked Documents Reveal How Facebook Cut Off Its Rival Vine

This security flaw story was broken by security reporter Brian Krebs, who cited a “senior Facebook inside source”, to say that “access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain-text user passwords”.

Also Read | Lok Sabha Elections 2019: WhatsApp, Facebook, Twitter, Google to Remove Content Violating Poll Code in 3 Hours

But the company refuted reports that user security was compromised. In a statement, Facebook’s vice-president for engineering, security and privacy, Pedro Canahuati, said, “We have found no evidence to date that anyone internally abused or improperly accessed” the passwords, which “were never visible to anyone outside of Facebook”.

He also said that Facebook has now fixed this particular issue, as well as some problems the company discovered in other security features, such as the code by which users log in through other apps.

This story now becomes just one in a long line of developments that have shown up Facebook’s almost callous attitude towards the privacy and security of its users. The Mark Zuckerberg-led platform has been embroiled in the Cambridge Analytica data-privacy scandal, emails which showed Zuckerberg and team auctioning access to its users to the highest bidder and this is the latest one.