Facebook stored hundreds of millions of passwords in plain text

Facebook stored passwords for hundreds of millions of users in plain text, exposing them for years to anyone who had internal access to the files, according to Krebs on Security . Users' passwords are generally protected with encryption (a process known as hashing), but a series of errors led some Facebook brand applications to leave the passwords accessible to a maximum of 20,000 employees of the company.

Between 200 and 600 million Facebook users are believed to be affected, according to Krebs who reported the security flaw for the first time. Facebook confirmed the problem in a blog post titled "Keeping passwords safe," and said the company identified the problem in January as part of a security review. Facebook says that it has solved the problem and will notify all those affected.

According to Facebook, there is no evidence that plain text passwords were exposed outside the company or that Abused internally. As a result, users will not have to reset their passwords. The problem affected "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users," says the company.

Although there is no evidence of abuse, at least 2,000 Facebook employees searched the archives containing passwords, although it is not clear why. The registration of passwords began in 2012.

This is the latest in a series of security problems for Facebook. In October, a hacker was able to access the personal information of 29 million accounts after stealing login tokens. Prior to that, it was found that pirated private messages of 81,000 users had been released. And none of that includes the large-scale improper data exchange problems that started with Cambridge Analytica and began to pressure the company to change its practices.

Please Note: This content is provided and hosted by a 3rd party server. Sometimes these servers may include advertisements. igetintopc.com does not host or upload this material and is not responsible for the content.