While the information could have proven disastrous if it had fallen into the wrong hands, Facebook says the login credentials were "never visible to anyone outside of Facebook". While Facebook claims to have found no indication that the passwords were abused, an insider speaking to Krebs on Security claims around 2,000 developers made around 9 million queries against the logs, returning data which contained these plain text passwords.
It looks as though Facebook is in hot water once again today as it has been revealed up to 600 million Facebook users had their passwords stored in plain text on the social network's internal servers as far back as 2012.
Brian Krebs of security news website KrebsOnSecurity.com cited an unnamed Facebook source as saying the internal investigation had so far indicated that as many as 600 million users of the social network had account passwords stored in plain text files searchable by more than 20,000 employees.
The information commissioner's office warns companies: "Do not store passwords in plaintext - make sure you use a suitable hashing algorithm, or another mechanism that offers an equivalent level of protection against an attacker deriving the original password".Читайте также: Joel Embiid: 'I'm the Most Unstoppable Player in the League'
"This caught our attention because our login systems are created to mask passwords using techniques that make them unreadable", Canahuati said in the blog post. Facebook said they first discovered this security mistake as part of a routine security review in January. Tens of thousands of Instagram users also were also affected.
'In this situation what we've found is these passwords were inadvertently logged but that there was no actual risk that's come from this.
In an interview with KrebsOnSecurity, Facebook software engineer Scott Renfro said the company wasn't ready to talk about specific numbers - such as the number of Facebook employees who could have accessed the data.
Update, 11:43 a.m.: Facebook has posted a statement about this incident here.При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2019 Copyright.
Автоматизированное извлечение информации сайта запрещено.
Код для вставки в блог