SEVERE WX : Freeze Warning View Alerts
STREAMING NOW: Watch Now

Facebook staff had access to hundreds of millions of people's passwords

Article Image

CNN's Jon Sarlin explores the different ways that the social media giant has kept competitors at bay — and why that could now spell trouble.

Posted: Mar 21, 2019 4:48 PM


Facebook revealed on Thursday it didn't properly mask the passwords of hundreds of millions of its users and stored them in an internal database that could be accessed by its staff.

The company said it discovered the passwords during a security review in January and launched an investigation. Facebook did not say for how long they had been storing passwords in this way.

It will be notifying hundreds of millions of Facebook users and tens of thousands of Instagram users if their passwords were involved.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," Pedro Canahuati, a Facebook vice president wrote on Thursday.

He added that Facebook typically "masks people's passwords when they create an account so that no one at the company can see them."

Keeping passwords hashed, or encrypted, is widely regarded as fundamental to cybersecurity, as passwords exist to for users to authenticate their identity without others knowing how.

"Encrypting passwords is Security 101," said Marcus Carey, the CEO Threatcare, an Austin cybersecurity company. "If they can't get the basic principles of cybersecurity right, they are surely failing on the tougher challenges."

Facebook shared information about the security incident soon after it was first reported by Krebs on Security.

Facebook said that hundreds of millions of users of Facebook Lite had been impacted, while tens of millions of regular Facebook users were impacted.

Facebook Lite is a version of Facebook popular among people in parts of the world with less connectivity. CNN Business has asked Facebook why users of Facebook Lite were so highly impacted.

In Europe, Facebook is headquartered in Ireland, where it is regulated by the Irish Data Protection Commission. A commission spokesperson told CNN Business that Facebook had informed it of the issue and that it was awaiting further information. The commission currently has several investigations into Facebook's compliance with European data laws ongoing; the company could face fines upwards of $1 billion as a result of those investigations.

Article Comments

West Lafayette
Overcast
45° wxIcon
Hi: 52° Lo: 33°
Feels Like: 37°
Kokomo
Overcast
45° wxIcon
Hi: 49° Lo: 31°
Feels Like: 36°
Rensselaer
Broken Clouds
46° wxIcon
Hi: 48° Lo: 31°
Feels Like: 39°
Fowler
Broken Clouds
46° wxIcon
Hi: 49° Lo: 31°
Feels Like: 39°
Williamsport
Overcast
45° wxIcon
Hi: 51° Lo: 33°
Feels Like: 38°
Crawfordsville
Broken Clouds
44° wxIcon
Hi: 51° Lo: 33°
Feels Like: 35°
Frankfort
Overcast
46° wxIcon
Hi: 51° Lo: 32°
Feels Like: 39°
Delphi
Broken Clouds
46° wxIcon
Hi: 49° Lo: 32°
Feels Like: 37°
Monticello
Broken Clouds
46° wxIcon
Hi: 50° Lo: 31°
Feels Like: 37°
Logansport
Broken Clouds
46° wxIcon
Hi: 49° Lo: 30°
Feels Like: 39°
Colder & very windy with some spotty rain & rain/snow.
WLFI Radar
WLFI Temps
WLFI Planner

COVID-19 Important links and resources

As the spread of COVID-19, or as it's more commonly known as the coronavirus continues, this page will serve as your one-stop for the resources you need to stay informed and to keep you and your family safe. CLICK HERE

Closings related to the prevention of the COVID-19 can be found on our Closings page.

Community Events