Still using Facebook? If yes we got bad news for you because it seems that FB employees could see your passwords since the beginning.
Today, it was revealed that more than 2,000 Facebook engineers and developers made over nine million internal queries of data elements protected with plain text passwords.
Cybersecurity researchers found that between 200 million and 600 million users may have their account passwords stored in plain text since the beginning. This fact means that any one of the 20,000 Facebook employees could have access to every user profile and data.
And if you think that this huge cybersecurity mistake is new you are wrong again, it seems that the problem was first reported to a senior Facebook employee familiar with the ongoing problem, but the report disappeared without a trace, soon after.
In this first report, researchers underlined that they have found archives with unencrypted user passwords that were dating back to 2012.
Now other investigators are still working to determine the total number of user passwords affected and also the length of time they were exposed.
Because they couldn’t hide it anymore, Facebook reports that the issue was first detected in January during a routine security review.
In this routine security review it was found that some passwords were being stored in a readable format on internal data storage systems, the Facebook spokesman said.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Soon after Pedro Canahuati, the vice president of engineering, security, and privacy at Facebook, posted a statement in which he said that the company’s login systems are designed to mask passwords using tactics that make them unreadable. He also said that the passwords are not visible to anyone outside Facebook and that there is no evidence of anyone within the company who might abuse or improperly accessed passwords.
In the mine time, Facebook has fixed the issue and promised that will notify the people whose passwords were unencrypted.
Cybersecurity specialists are saying that hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users are affected by this huge cybersecurity flaw. Even more concerning is the fact that because there is no indication of the exposed passwords, users won’t be notified to change them.
The anonymous source who spoke with KrebsOnSecurity says Facebook access logs indicate about 2,000 engineers or developers made some nine million internal queries for data elements with plain text., For now, it is still unclear why the 2,000 engineers and developers made some nine million internal queries for data elements in plain text but we will tell you as soon as we find out.
We will always deliver the most significant breaking news events. Keep in mind that vulnerability rates in application software remain as high as they were 15 years ago.
We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.