Facebook Discovers Millions Of Users Password Was Not Stored Accurately

After a temporary crash some weeks back which left everyone worried about the next step being online. Facebook has recently experienced another glitch which is associated with storage of some users password or specifically inadequate internal storage which could have opened millions of accounts to hackers.

As explained by Facebook;

"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way."

That 'readable format' was in plain text, which was used internally by Facebook employees. For an unexplained reason, Facebook had used this listing for certain tasks - Facebook says that there's no evidence the data was shared to anyone outside of Facebook, and that they wouldn't be able to read the information if it was, but it has been accessible to some 2,000 internal engineers and developers, which is a considerable vulnerability.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity."

Interesting qualifier in the last line - "don't worry, it was mostly poor people who were affected".

But even without official confirmation, it's in the millions - Facebook had a form of plain text which listed millions of user passwords, which could, potentially, have been utilized by hackers. There's no evidence of this happening, but again, it was a vulnerability, and Facebook is now taking action to address it.

Even though there's no evidence that this information has been shared beyond Facebook, at best, it's another headache for the company, another incident which raises questions over its capacity to handle sensitive information, and manage user privacy.

In its acknowledgment of the issue, Facebook says that:

"There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook."

Even if it's not, it's another significant weight hanging on the opposite side of the scales for Zuck and Co.