Facebook has advised users to change their passwords for three of its popular apps, pronto! On Thursday, a report by Krebs on Security shared something shocking.
The report said that Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform.
This means that, because of that Facebook bug, the stored passwords could easily be retrieved, without any complications at all. It also means these passwords were readily available to thousands of Facebook employees.
For those who are unaware, an organization can store passwords for thousands and thousands of accounts using a process called hashing (which scrambles passwords) before saving them to its servers.
If the server is compromised, it might just be the end of the tech titan, which is why the company invests heavily in security and other means to keep the server protected from possible attacks.
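The hashing step described above, next to the plaintext failure mode, as an added example that is not Facebook's code or part of the original report. The function names, record layout, and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not taken from the article).
ITERATIONS = 600_000
ALGO = "sha256"


def store_plaintext(password: str) -> dict:
    """The failure mode in the report: the record holds the password itself."""
    return {"scheme": "plaintext", "secret": password}


def store_hashed(password: str) -> dict:
    """Derive a salted, slow hash; only the salt and digest reach storage."""
    salt = os.urandom(16)  # unique per account, so equal passwords differ
    digest = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "secret": digest.hex()}


def verify(record: dict, attempt: str) -> bool:
    """Check a login attempt against a stored record in constant time."""
    if record["scheme"] == "plaintext":
        return hmac.compare_digest(record["secret"].encode("utf-8"),
                                   attempt.encode("utf-8"))
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(ALGO, attempt.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["secret"])


def readable_by_insider(record: dict, password: str) -> bool:
    """True if anyone who can read the stored record sees the password."""
    return password in record.values()


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    for rec in (store_plaintext(pw), store_hashed(pw)):
        print(rec["scheme"], "| login ok:", verify(rec, pw),
              "| readable in storage:", readable_by_insider(rec, pw))
```

Both records accept the correct login, but only the plaintext record exposes the password to someone who can read the storage system.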
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy, wrote in a statement.
“Our login systems are designed to mask passwords using techniques that make them unreadable. To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”
Earlier last year, another Facebook bug was caught stealing passwords. Known as FaceXWorm, the bug is being used by cybercriminals to gain access to an individual’s profile and steal their information, such as debit/credit card numbers, addresses, and more.
The Facebook Messenger bug was first spotted by Kim Komando, a consumer tech radio host, who shed some light on the matter, adding that criminals are using these tactics and techniques to spread this bug, and others like it, via phishing scams.
“FaceXWorm is a nasty strain that directs victims to fake versions of websites, such as YouTube, and then asks they download a Chrome extension in order to play a video’s content,” said McAfee’s chief consumer security evangelist, Gary Davis.
As of now, Facebook has told WIRED that the passwords that were exposed weren’t all stored in one place and that the issue didn’t result from a single bug in the platform’s password management system.
Facebook says that the scattered nature of the problem made it more complicated both to understand and to fix, which the company says explains the nearly two months it took to complete the investigation and disclose the findings.