Published: Mon, March 25, 2019
Tech | By Constance Martin

Facebook fixes glitch that exposed millions of user passwords to employees

Facebook fixes glitch that exposed millions of user passwords to employees

A Facebook employee could have shared your password with someone else who would then have improper access to your account, for instance.

Facebook says it's aware of the potential for misuse in other areas, and says it monitors publicly posted databases of stolen credentials to check if any compromised passwords match those of its users. But thousands of employees could have searched them. Meanwhile, users are advised to enable a two-factor authentification and change their password. And none of that is including the wide-scale improper data sharing issues that kicked off with Cambridge Analytica and started putting real pressure on the company to change its practices. This keeps happening with Facebook, to the point where many don't find themselves surprised at any revelation about the company's handling of user data anymore, while the reassurances coming from the social media network mean less and less.

The data breach affected users of Facebook, Facebook Lite, and Instagram as well which is Facebook-owned. It is used primarily in developing countries.

The social network giant Facebook has committed a very serious security error, in fact, it is the biggest security error that can be committed by an online service like this. The company wants to encourage small groups of people to carry on encrypted conversations that neither Facebook nor any other outsider can read.

However, the twist this time is that the passwords that got leaked have been visible to only the company's internal employees and none from the outside world.

In public comments, Facebook said it had discovered the issue in January as part of a routine security review. If that is not all, the mess started way back in 2012 itself.

2nd ship needs rescue off Norway's western coast
The cruise line said anyone with concerns about passengers aboard the ship can look for updates on its website . The ship's passengers are reportedly mostly American and British tourists.

The Company admitted notifying affected users.

The problem, according to Facebook, wasn't due to a single bug. This happened in a variety of circumstances - for example, when an app crashed and the resulting crash log included a captured password. The security flaw put millions of users' privacy at stake.

The security failure is another embarrassment for Facebook, a $470 billion colossus that employs some of the most sought-after cybersecurity experts in the industry.

Should you change Facebook password?

Facebook admits that it mishandled sensitive passwords for hundreds of millions of its users, primarily those who use its Facebook Lite product. "With this technique, we can validate that a person is logging in with the correct password without actually having to store the password in plain text", Canahuati said.

GitHub and Twitter were hit by a similar, but independent, bug past year. Facebook has now confirmed that it mistakenly stored some passwords in plaintext.

Like this: