Facebook Gaffe: employees have access to hundreds of millions of private passwords



[ad_1]

Facebook Press Room – On March 21 (Thursday) Facebook posted a statement in its newsroom titled "Protecting Secure Passwords" on how users' passwords were stored "in a readable format" in their systems. data storage. This meant that Facebook staff had access to users' passwords.

The breach of confidentiality was discovered during the organization's regular security check in January.

The statement revealed that the revelation had attracted their attention because Facebook's login systems were designed to "hide passwords using techniques that make them unreadable".

The people involved are hundreds of millions of Facebook Lite users, a version of Facebook aimed at less connected regions, tens of millions of habitual Facebook users and tens of thousands of users of Facebook. # 39; Instagram.

To date, Facebook has only provided this estimate, but it has assured the public that the problems have been resolved and that as a precaution, it would notify all concerned and their password would be revealed.

"To be clear, these passwords have never been visible to anyone other than Facebook and we have found no evidence to date that anyone would have been abused or misused," said Facebook. .

According to a report by Krebs on security, Employees created apps that took encrypted connection passwords from Facebook users and stored them in plain text on the company's internal servers. An experienced Facebook employee, familiar with the survey and wishing to remain anonymous for security reasons, shared this insider practice within the organization.

The Facebook source had a more defined number of affected users, who said between 200 and 600 million Facebook users could have passwords from their accounts accessible to more than 20,000 Facebook employees.

The survey also showed that there were plain text versions of user passwords that date back to 2012.

Meanwhile, in the update provided by Facebook, they explained how users' passwords are protected, reminding them that they were "masking" private information when creating the account so that no one within of the company can not see them.

"In terms of security, we" hack "and" lounge "passwords, including using a function called" scrypt "as well as a cryptographic key that allows us to irreversibly replace your current password by a random character set. With this technique, we can validate that a person logs in with the correct password without having to store it in plain text, "explained Facebook.

Pedro Canahuati, Vice President Engineering, Security and Privacy, also spoke about Facebook's security measures designed to protect users' accounts, such as signals of suspicious activity, alerts for unrecognized connection, etc. .

Read the full update below:

Keep passwords secure

Facebook reassured the public by explaining that no passwords were exposed outside and that there was no evidence of internal abuse. However, he gave advice on how to secure an account, for example by changing his password and activating two-factor authentication.

Passwords are confidential information and their preservation in encrypted form is essential for cybersecurity. The CEO of Threatcare, an Austin cybersecurity company, Marcus Carey, said that "encrypting passwords is security 101."

"If they can not apply the basic principles of cybersecurity, they certainly fail in the toughest challenges," he added.

Facebook has been faced with numerous incidents compromising cybersecurity since the Cambridge Analytica data scandal in March 2018. Just a week ago, the company did not block 300,000 downloads of the live sequence of the mosque massacre in New Zealand.

Prior to this, last December, Facebook discovered a bug within the platform allowing third-party apps to access user photos, even those that were not fully downloaded to Facebook and saved as drafts.

[ad_2]
Source link