Facebook staff had access to hundreds of millions of people's passwords

Article Image

CNN's Jon Sarlin explores the different ways that the social media giant has kept competitors at bay — and why that could now spell trouble.

Posted: Mar. 21, 2019 4:48 PM


Facebook revealed on Thursday it didn't properly mask the passwords of hundreds of millions of its users and stored them in an internal database that could be accessed by its staff.

The company said it discovered the passwords during a security review in January and launched an investigation. Facebook did not say for how long they had been storing passwords in this way.

It will be notifying hundreds of millions of Facebook users and tens of thousands of Instagram users if their passwords were involved.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," Pedro Canahuati, a Facebook vice president wrote on Thursday.

He added that Facebook typically "masks people's passwords when they create an account so that no one at the company can see them."

Keeping passwords hashed, or encrypted, is widely regarded as fundamental to cybersecurity, as passwords exist to for users to authenticate their identity without others knowing how.

"Encrypting passwords is Security 101," said Marcus Carey, the CEO Threatcare, an Austin cybersecurity company. "If they can't get the basic principles of cybersecurity right, they are surely failing on the tougher challenges."

Facebook shared information about the security incident soon after it was first reported by Krebs on Security.

Facebook said that hundreds of millions of users of Facebook Lite had been impacted, while tens of millions of regular Facebook users were impacted.

Facebook Lite is a version of Facebook popular among people in parts of the world with less connectivity. CNN Business has asked Facebook why users of Facebook Lite were so highly impacted.

In Europe, Facebook is headquartered in Ireland, where it is regulated by the Irish Data Protection Commission. A commission spokesperson told CNN Business that Facebook had informed it of the issue and that it was awaiting further information. The commission currently has several investigations into Facebook's compliance with European data laws ongoing; the company could face fines upwards of $1 billion as a result of those investigations.

Article Comments

Terre Haute
Overcast
45° wxIcon
Hi: 46° Lo: 41°
Feels Like: 39°
Robinson
Overcast
44° wxIcon
Hi: 46° Lo: 41°
Feels Like: 37°
Indianapolis
Overcast
44° wxIcon
Hi: 46° Lo: 39°
Feels Like: 36°
Rockville
Overcast
45° wxIcon
Hi: 45° Lo: 40°
Feels Like: 39°
Casey
Overcast
45° wxIcon
Hi: 48° Lo: 40°
Feels Like: 36°
Brazil
Overcast
45° wxIcon
Hi: 46° Lo: 40°
Feels Like: 39°
Marshall
Overcast
45° wxIcon
Hi: 47° Lo: 41°
Feels Like: 39°
Rainy, Windy & Colder
WTHI Planner
WTHI Temps
WTHI Radar

Latest Video

Image

Friday Afternoon Weather

Image

April in Paris, Country Club of Terre Haute April 25 10am

Image

All You Need to Know for Friday

Image

Occasional showers. Windy. Colder. High: 46°

Image

Do you want a casino in Terre Haute?

Image

Rain, rain, and rain - Kevin breaks down the forecast

Image

West Vigo baseball

Image

Kids in the kitchen at the children's museum

Image

North Central Parke Schools to get new superintendent

Image

Putnam County Police Officer honored

WTHI Events