Facebook stored "hundreds of millions" of account passwords without encryption and viewable as plain text to tens of thousands of company employees, according to a report Thursday by cybersecurity journalist Brian Krebs.
Facebook confirmed the report in a blog post.
The incident could have affected as many as 600 million users, a significant portion of Facebook's user base of 2.7 billion people.
The company said Thursday it planned to start notifying those affected.
"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way," Facebook said in a statement Thursday.
The incidents dates back to as early as 2012, according to the report. A Facebook software engineer named Scott Renfro was quoted by Krebs as saying the company hasn't found any misuse of data and that "there was no actual risk that's come from this."
Facebook, however, has been under intense scrutiny due to several years of privacy and security scandals that have earned the company criticism from customers and inquiries and fines from several regulatory agencies, particularly in the European Union.
This is a developing story check back for more details.
No comments:
Post a Comment