Facebook staff had access to hundreds of millions of people's passwords

CNN's Jon Sarlin explores the different ways that the social media giant has kept competitors at bay — and why that could now spell trouble.

Posted: Mar 21, 2019 4:48 PM


Facebook revealed on Thursday it didn't properly mask the passwords of hundreds of millions of its users and stored them in an internal database that could be accessed by its staff.

The company said it discovered the passwords during a security review in January and launched an investigation. Facebook did not say for how long they had been storing passwords in this way.

It will be notifying hundreds of millions of Facebook users and tens of thousands of Instagram users if their passwords were involved.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," Pedro Canahuati, a Facebook vice president wrote on Thursday.

He added that Facebook typically "masks people's passwords when they create an account so that no one at the company can see them."

Keeping passwords hashed, or encrypted, is widely regarded as fundamental to cybersecurity, as passwords exist to for users to authenticate their identity without others knowing how.

"Encrypting passwords is Security 101," said Marcus Carey, the CEO Threatcare, an Austin cybersecurity company. "If they can't get the basic principles of cybersecurity right, they are surely failing on the tougher challenges."

Facebook shared information about the security incident soon after it was first reported by Krebs on Security.

Facebook said that hundreds of millions of users of Facebook Lite had been impacted, while tens of millions of regular Facebook users were impacted.

Facebook Lite is a version of Facebook popular among people in parts of the world with less connectivity. CNN Business has asked Facebook why users of Facebook Lite were so highly impacted.

In Europe, Facebook is headquartered in Ireland, where it is regulated by the Irish Data Protection Commission. A commission spokesperson told CNN Business that Facebook had informed it of the issue and that it was awaiting further information. The commission currently has several investigations into Facebook's compliance with European data laws ongoing; the company could face fines upwards of $1 billion as a result of those investigations.

West Lafayette
Clear
69° wxIcon
Hi: 87° Lo: 63°
Feels Like: 69°
Kokomo
Clear
63° wxIcon
Hi: 84° Lo: 63°
Feels Like: 63°
Rensselaer
Clear
61° wxIcon
Hi: 85° Lo: 61°
Feels Like: 61°
Fowler
Clear
61° wxIcon
Hi: 85° Lo: 61°
Feels Like: 61°
Williamsport
Scattered Clouds
66° wxIcon
Hi: 86° Lo: 62°
Feels Like: 66°
Crawfordsville
Scattered Clouds
64° wxIcon
Hi: 85° Lo: 63°
Feels Like: 64°
Frankfort
Clear
65° wxIcon
Hi: 83° Lo: 62°
Feels Like: 65°
Delphi
Clear
63° wxIcon
Hi: 85° Lo: 62°
Feels Like: 63°
Monticello
Clear
63° wxIcon
Hi: 85° Lo: 62°
Feels Like: 63°
Logansport
Clear
63° wxIcon
Hi: 84° Lo: 62°
Feels Like: 63°
Warmer with More Humidity and a Few Storms This Weekend
WLFI Radar
WLFI Temps
WLFI Planner

Indiana Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 77565

Reported Deaths: 3105
CountyConfirmedDeaths
Marion16304733
Lake7840283
Elkhart499287
Allen4103164
St. Joseph368183
Hamilton2941104
Vanderburgh208215
Hendricks1972109
Cass18099
Johnson1800119
Porter139139
Clark133350
Tippecanoe126312
Madison104866
LaPorte95730
Howard93865
Kosciusko87212
Bartholomew84447
Floyd83750
Marshall80123
Monroe77732
Delaware76852
Vigo75213
Dubois71812
Noble70829
Boone70446
Hancock69439
Jackson6065
Warrick60030
Shelby57228
LaGrange56910
Grant53230
Dearborn52228
Morgan49235
Henry46020
Clinton4564
Wayne40210
White38011
Montgomery36321
Lawrence35827
Harrison35524
Decatur34732
Putnam3288
Daviess28420
Miami2792
Scott27810
Jasper2592
Greene25634
Franklin24915
Gibson2434
DeKalb2424
Jennings23212
Ripley2208
Steuben2173
Fayette2057
Carroll2033
Perry18813
Posey1810
Starke1817
Orange17924
Wabash1795
Wells1782
Fulton1742
Jefferson1722
Knox1681
Whitley1606
Tipton15416
Sullivan1521
Washington1481
Clay1415
Spencer1393
Randolph1325
Huntington1303
Newton12110
Adams1202
Owen1101
Jay940
Rush914
Pulaski841
Fountain762
Brown752
Blackford662
Pike660
Ohio656
Benton630
Vermillion610
Parke591
Switzerland560
Martin500
Crawford480
Union410
Warren251
Unassigned0207

COVID-19 Important links and resources

As the spread of COVID-19, or as it's more commonly known as the coronavirus continues, this page will serve as your one-stop for the resources you need to stay informed and to keep you and your family safe. CLICK HERE

Closings related to the prevention of the COVID-19 can be found on our Closings page.

Community Events