A new flaw in Facebook security exposed the passwords of 8 million users to 20,000 employees of the social network. The data protection failure was exposed by the security researcher Brian Krebs, who found that up to 600 million passwords were stored in plain text.
As he shows, the passwords that were exposed could date back to 2012. Facebook said in a statement that it had now resolved a ”glitch” that had stored the passwords on its internal network.
Facebook also said that the issue was discovered in January during a routine security review and the investigation that followed showed that most people affected were users of Facebook Lite, a version of the social network used by nations were net connections are slow.
“Our login systems are designed to mask passwords using techniques that make them unreadable. To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” said Pedro Canahuati, Facebook vice president of engineering, security and privacy.
“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” the company told Reuters.
In September last year, it said information on 50 million users had been exposed by a security flaw. And earlier in 2018 it revealed that data on millions of users had been harvested by data science company Cambridge Analytica. Even with the latest issues, it is worth saying that Facebook has relatively few technical security failures considering such a prominent target.