Facebook Fixes Glitch That Exposed Users’ Passwords To Employees
Lapses in Facebook’s handling of its users’ security have been quite frequent over the last few months, and a fresh, serious loophole has now been detected in the social media platform. According to sources, the American organization admitted to a bug that apparently exposed all user passwords to the employees of the company. On top of that, all the passwords were stored in plaintext, not in an encoded manner. Reportedly, the passwords date back to 2012.
About The Encryption
Organizations usually encode user passwords with a process called hashing, which transforms a string of characters into a usually shorter, fixed-length value or key that represents the original string. Doing so encrypts the passwords and only allows access to those who have the encryption key/hashing key. In this case, Facebook failed to take these steps and ended up making a mistake that could’ve provided hackers with an unlocked playground.
Effects Of The Bug
Facebook’s VP stated that the flaw was detected as part of a routine security review in January. He also stated that Facebook’s login technology employs a different strategy that doesn’t risk the exposure of sensitive data. He added that the company had found no evidence of the data being accessed improperly and that the passwords were never visible to any person outside the organization. After the flaw was brought to light, the company itself came forward with a statement that it will notify all Facebook and Instagram users about the bug and about how it has fixed all instances of it.
Previously, in 2018, crackers stole a bunch of data files from almost 50 million users. This was done by obtaining users’ account access tokens, which gave the attackers access to the account details. Consequently, this information was further processed, which led to the discovery of the aforementioned password-exposing bug in the internal system.
Facebook cleared things up by saying that the exposed passwords were stored in different places on the platform, indicating that they weren’t vulnerable to any one single form of attack. The company also stated that the passwords were not captured via login credentials; instead, a number of internal mechanisms, such as crash logs, had produced the plaintext passwords. It will be interesting to see how Facebook keeps up with the loopholes emerging in its systems, since social media security is a huge concern these days.
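One way to keep credentials out of log and crash output of the kind described above, shown as an added example that is not Facebook's code and not part of the original article: a Python `logging` filter that redacts password-like fields from rendered messages and tracebacks. The key list, logger name and sample events are constructed assumptions.

```python
import io
import logging
import re

# Assumed list of secret-bearing field names; extend it for your own schema.
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token")
REDACTED = "[REDACTED]"

# key=value, key: value and "key": "value" pairs; the value is quoted or bare.
_PAIR_RE = re.compile(
    r"""(?i)(["']?(?:%s)["']?\s*[=:]\s*)("[^"]*"|'[^']*'|[^\s,&;}]+)"""
    % "|".join(SENSITIVE_KEYS)
)

def scrub_text(text):
    """Replace the value of every sensitive key found in free-form text."""
    return _PAIR_RE.sub(lambda m: m.group(1) + REDACTED, text)

class RedactSecrets(logging.Filter):
    """Scrub the rendered message and any traceback before a handler emits."""

    def filter(self, record):
        # Render first so secrets passed as %-style args are covered too.
        record.msg = scrub_text(record.getMessage())
        record.args = None
        if record.exc_info:
            # Formatter reuses exc_text when it is already set.
            trace = logging.Formatter().formatException(record.exc_info)
            record.exc_text = scrub_text(trace)
        return True

def demo():
    """Log three constructed events through the filter; return the output."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("redact-demo")  # hypothetical logger name
    log.handlers[:] = [handler]
    log.setLevel(logging.INFO)
    log.propagate = False
    log.info("login failed user=%s password=%s", "alice", "hunter2")
    log.error("request body: %s", {"email": "a@example.com", "password": "hunter2"})
    try:
        raise ValueError("bad form data: password=hunter2&next=/home")
    except ValueError:
        log.exception("crash in handler")  # traceback text is scrubbed as well
    return buf.getvalue()

if __name__ == "__main__":
    print(demo())
```

Pattern-based redaction is a backstop: it only catches the field names it is told about, so the request and crash-reporting paths should still avoid handing raw credential fields to the logger in the first place.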