Facebook Inc left hundreds of millions of user passwords readable by its employees for years, the company said on Thursday after a security researcher exposed the lapse.
By storing passwords in readable plain text, Facebook violated fundamental computer-security practices, which call for organizations and Web sites to save passwords in a scrambled form that makes it almost impossible to recover the original text.
Facebook said there is no evidence its employees abused access to this data, but thousands of employees could have searched them.
The passwords were stored on internal company servers, where no outsiders could access them, the company said.
Even so, some privacy experts suggested that users change their Facebook passwords.
The incident reveals yet another huge and basic oversight at a company that insists it is a responsible guardian for the personal data of its 2.3 billion users worldwide.
Security blog KrebsOnSecurity said that Facebook might have left the passwords of about 600 million Facebook users vulnerable.
In a blog post, Facebook said it would likely notify “hundreds of millions” of Facebook Lite users, millions of Facebook users and tens of thousands of Instagram users that their passwords were stored in plain text.
Facebook Lite is a version designed for people with older phones or slow Internet connections. It is used primarily in developing countries.
Facebook said it discovered the problem in January, but security researcher Brian Krebs wrote that in some cases the passwords had been stored in plain text since 2012.
Facebook Lite launched in 2015 and Facebook bought Instagram in 2012.
The problem was not due to a single bug, Facebook said.
During a routine review in January, it said it found that the plain text passwords were unintentionally captured and stored in its internal storage systems. This happened in a variety of circumstances, for example, when an app crashed and the resulting crash log included a captured password.
Facebook’s normal procedure for passwords is to store them encoded, the company said in its blog post.
That is good to know, although Facebook engineers apparently added code that defeated the safeguard, security researcher Rob Graham said.
“They have all the proper locks on the doors, but somebody left the window open,” he said.
MULTIFACETED: A task force has analyzed possible scenarios and created responses to assist domestic industries in dealing with US tariffs, the economics minister said The Executive Yuan is tomorrow to announce countermeasures to US President Donald Trump’s planned reciprocal tariffs, although the details of the plan would not be made public until Monday next week, Minister of Economic Affairs J.W. Kuo (郭智輝) said yesterday. The Cabinet established an economic and trade task force in November last year to deal with US trade and tariff related issues, Kuo told reporters outside the legislature in Taipei. The task force has been analyzing and evaluating all kinds of scenarios to identify suitable responses and determine how best to assist domestic industries in managing the effects of Trump’s tariffs, he
TIGHT-LIPPED: UMC said it had no merger plans at the moment, after Nikkei Asia reported that the firm and GlobalFoundries were considering restarting merger talks United Microelectronics Corp (UMC, 聯電), the world’s No. 4 contract chipmaker, yesterday launched a new US$5 billion 12-inch chip factory in Singapore as part of its latest effort to diversify its manufacturing footprint amid growing geopolitical risks. The new factory, adjacent to UMC’s existing Singapore fab in the Pasir Res Wafer Fab Park, is scheduled to enter volume production next year, utilizing mature 22-nanometer and 28-nanometer process technologies, UMC said in a statement. The company plans to invest US$5 billion during the first phase of the new fab, which would have an installed capacity of 30,000 12-inch wafers per month, it said. The
Taiwan’s official purchasing managers’ index (PMI) last month rose 0.2 percentage points to 54.2, in a second consecutive month of expansion, thanks to front-loading demand intended to avoid potential US tariff hikes, the Chung-Hua Institution for Economic Research (CIER, 中華經濟研究院) said yesterday. While short-term demand appeared robust, uncertainties rose due to US President Donald Trump’s unpredictable trade policy, CIER president Lien Hsien-ming (連賢明) told a news conference in Taipei. Taiwan’s economy this year would be characterized by high-level fluctuations and the volatility would be wilder than most expect, Lien said Demand for electronics, particularly semiconductors, continues to benefit from US technology giants’ effort
‘SWASTICAR’: Tesla CEO Elon Musk’s close association with Donald Trump has prompted opponents to brand him a ‘Nazi’ and resulted in a dramatic drop in sales Demonstrators descended on Tesla Inc dealerships across the US, and in Europe and Canada on Saturday to protest company chief Elon Musk, who has amassed extraordinary power as a top adviser to US President Donald Trump. Waving signs with messages such as “Musk is stealing our money” and “Reclaim our country,” the protests largely took place peacefully following fiery episodes of vandalism on Tesla vehicles, dealerships and other facilities in recent weeks that US officials have denounced as terrorism. Hundreds rallied on Saturday outside the Tesla dealership in Manhattan. Some blasted Musk, the world’s richest man, while others demanded the shuttering of his