Facebook CEO Mark Zuckerberg once stated that protecting user data is the top priority of this social network. But after the scandals the company has stumbled into, the most recent being the storage of user passwords in plain text without encryption, can we still believe them?
Recently, it seems that whenever newspapers post news about Facebook, it is a notice of another mistake by this company: data leakage, security breaches, shady buying and selling of user information, and now a new issue related to user passwords.
It is hard to believe, but information has been revealed that this social network stores hundreds of millions of user passwords in plain text, where they can easily be accessed by the company's employees. According to a confidential source, an estimated 200-600 million passwords have been stored this way.
In principle, all information must be encrypted so that no one can read it, not even the company hosting it, and this applies all the more to sensitive data such as user passwords. Facebook itself has not shared actual numbers, but it said it plans to notify “hundreds of millions” of Facebook Lite users, “tens of millions” of other Facebook users and “tens of thousands” of Instagram users about this situation.
Facebook claims that although its employees have access to these password files, there is no evidence that anyone used them for the wrong purpose. However, according to Krebs on Security, passwords are said to have been stored in this plain form since 2012, and at least 2,000 Facebook employees have searched files containing passwords, for unknown purposes.
This incident followed a series of Facebook security vulnerabilities over time. In October 2018, a hacker gained access to the personal information of nearly 30 million accounts after stealing a token used to log in. Earlier, private messages of 81,000 users were stolen and sold publicly.
So does this company store user passwords in a plain text format? That is a good question.
Remember that, at the very least, Facebook and its employees have access to the archive files containing these passwords. Therefore, the above conclusion is well grounded. Facebook itself discovered the problem in January during a periodic security investigation. At this point, all of the above problems have been resolved.