{"id":133223,"date":"2019-03-26T16:56:20","date_gmt":"2019-03-26T16:56:20","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=133223"},"modified":"2025-07-01T22:11:20","modified_gmt":"2025-07-02T05:11:20","slug":"facebook-plain-text-passwords","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/facebook-plain-text-passwords\/","title":{"rendered":"Facebook stored hundreds of millions of user passwords insecurely"},"content":{"rendered":"<p>Facebook is becoming more famous for not being very good at looking out for its users than it is for being a social network. Although the scandals coming out of Facebook HQ over the last few years have been much more serious and have had some pretty wide-reaching and devastating consequences, this latest blunder is <strong>the stupidest by far.<\/strong><\/p>\n<h2>Hundreds of millions of Facebook and Instagram user passwords were stored unencrypted as text on internal servers<\/h2>\n<figure id=\"attachment_133226\" aria-describedby=\"caption-attachment-133226\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-133226\" src=\"https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2021\/05\/Facebook_password_insecure_list_tg0wqy.jpg\" alt=\"Facebook password header\" width=\"700\" height=\"394\" \/><figcaption id=\"caption-attachment-133226\" class=\"wp-caption-text\">Image via: <a href=\"https:\/\/newsroom.fb.com\/news\/2019\/03\/keeping-passwords-secure\/\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a><\/figcaption><\/figure>\n<p>A <a href=\"https:\/\/newsroom.fb.com\/news\/2019\/03\/keeping-passwords-secure\/\" target=\"_blank\" rel=\"noopener noreferrer\">recent Facebook blog post<\/a> described how a routine security review showed that \u201csome\u201d user passwords were being stored in a readable text format. 
The post goes on to say that Facebook will be notifying all affected users, and it is here that the \u201csome\u201d mentioned earlier magically becomes \u201chundreds of millions.\u201d<\/p>\n<p>In the blog post, Pedro Canahuati, who is Facebook\u2019s VP for Engineering, Security, and Privacy, writes, \u201cWe estimate that we will notify <strong>hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.<\/strong>\u201d If you\u2019re a Facebook Lite user, you are far more likely to have had your password stored in this insecure manner at Facebook HQ.<\/p>\n<p>Canahuati does go on to mention, however, that <strong>none of the passwords were visible to anybody outside of Facebook<\/strong> and that the company has found no evidence that any Facebook employee has abused or improperly accessed the insecure list of user passwords.<\/p>\n<p>Outside of Facebook, security expert <a href=\"https:\/\/krebsonsecurity.com\/2019\/03\/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years\/\" target=\"_blank\" 
rel=\"noopener noreferrer\">Brian Krebs has also written a blog post on the latest Facebook blunder<\/a>. According to Krebs, who cites an insider at Facebook, the internal investigation \u201cso far indicates between <strong>200 million and 600 million Facebook users<\/strong> may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees.\u201d The insider goes on to say, \u201cAccess logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.\u201d<\/p>\n<figure id=\"attachment_133229\" aria-describedby=\"caption-attachment-133229\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-133229\" src=\"https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2021\/05\/password-866979_1920_tjhe6e.jpg\" alt=\"A lot of passwords\" width=\"700\" height=\"495\" \/><figcaption id=\"caption-attachment-133229\" class=\"wp-caption-text\">Hundreds of millions is a LOT of passwords<\/figcaption><\/figure>\n<p>Krebs went on, though, to point out that the further the investigation progresses, the easier Facebook\u2019s legal team feels about the whole situation. It looks increasingly likely that although Facebook is going to have to notify all affected users, no actual password resets will be required.<\/p>\n<p>This doesn\u2019t come close to being one of the most serious scandals to rock Facebook recently. From <a href=\"https:\/\/en.softonic.com\/articles\/two-studies-facebook-depression-loneliness-alcohol\" target=\"_blank\" rel=\"noopener noreferrer\">causing depression<\/a> to <a href=\"https:\/\/en.softonic.com\/articles\/facebook-location-tracking\" target=\"_blank\" rel=\"noopener noreferrer\">tracking location without permission<\/a>, the scandals just haven\u2019t stopped coming at Facebook for a period of years now. 
This is symptomatic, however, of a wider malaise at Facebook. The social network just doesn\u2019t seem to care about its users. Not even enough to store their passwords, which protect some of the most intimate parts of their lives, properly and in a secure manner. The social network needs to have a look at itself and start thinking about <a href=\"https:\/\/en.softonic.com\/articles\/will-facebook-fix-itself\" target=\"_blank\" rel=\"noopener noreferrer\">how it is going to fix itself<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hundreds of millions of Facebook and Instagram user passwords were stored unencrypted as text on internal servers.<\/p>\n","protected":false},"author":9073,"featured_media":133227,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2353,1059,1063,1027],"usertag":[839],"vertical":[],"content-category":[],"class_list":["post-133223","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectionfacebook","tag-facebook","tag-facebook-messenger","tag-security","usertag-vpn"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/133223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=133223"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/133223\/revisions"}],"predecessor-version":[{"id":326367,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/133223\/revisions\/326367"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/133227"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=133223"}],"wp:term":[{"taxonomy":"category","embeddable":true
,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=133223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=133223"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=133223"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=133223"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=133223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}