Facebook Stored Millions Of Unencrypted Passwords On Its Computer Servers

Facebook on Thursday said it had for years stored millions of user passwords in plain text.

Friday, March 22nd 2019, 4:19 am

By: News On 6


Facebook on Thursday said it had for years stored millions of user passwords in plain text, a significant oversight for a company that remains in the spotlight for failing to protect users' privacy. A Facebook executive said in a post that the un-encrypted passwords were stored on internal servers and were not accessible to outsiders.

 

Despite such reassurances, privacy experts were quick to express concern: "Security rule 101 dictates that under no circumstances passwords should be stored in plain text, and at all times must be encrypted," said cybersecurity expert Andrei Barysevich of Recorded Future. "There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users' passwords in plain text."

The security blog KrebsOnSecurity said some 600 million Facebook users may have had their passwords stored in plain text. Facebook said it would likely notify "hundreds of millions" of Facebook Lite users, millions of Facebook users and tens of thousands of Instagram users of the issue.

Facebook said it discovered the problem in January. But according to Krebs, in some cases the passwords had been stored in plain text since 2012. Facebook Lite launched in 2015 and Facebook bought Instagram in 2012.

Barysevich said he could not recall any major company caught leaving so many passwords exposed internally. He said he's seen a number of instances where much smaller organizations made such information readily available not just to programmers but also to customer support teams.

Security experts recommend using a tool like HaveIBeenPwned to check if a password has been compromised. Some also recommend using a password manager to regularly update complex passwords.

First published on March 21, 2019 / 1:41 PM

© 2019 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

 
logo

Get The Daily Update!

Be among the first to get breaking news, weather, and general news updates from News 9 delivered right to your inbox!

","published":"2019-03-22T09:19:53.000Z","updated":"2019-03-22T09:19:53.000Z","summary":"Facebook on Thursday said it had for years stored millions of user passwords in plain text.","affiliate":{"_id":"5c784a0c4961cb23ad330098","callSign":"kotv","origin":"https://www.newson6.com"},"contentClass":"news","createdAt":"2020-02-01T18:58:54.718Z","updatedAt":"2025-05-24T11:08:21.841Z","__v":11,"breakingNews":[],"entities":[{"_id":"624601206880e45323dfae07","text":"Andrei Barysevich","type":"PERSON","__v":0},{"_id":"623b9f6c6880e4532398f53d","text":"Facebook","type":"ORGANIZATION","__v":0},{"_id":"623c44d36880e45323fb855c","text":"Instagram","type":"ORGANIZATION","__v":0},{"_id":"6239a2e46880e4532342261c","text":"CBS Interactive Inc.","type":"ORGANIZATION","__v":0}],"hasBeenCheckedForEntities":true,"openInNewWindow":false,"rendered":35,"peerReviewer":"5c7850eac1778925af4208da","peerReviewedOn":"2025-04-05T20:12:26.524Z","wordCount":300,"show":true,"link":"/story/5e35ca6e2f69d76f62014951/facebook-stored-millions-of-unencrypted-passwords-on-its-computer-servers","hasSchedule":false,"id":"5e35ca6e2f69d76f62014951"};

More Like This

March 22nd, 2019

April 30th, 2025

April 30th, 2025

April 30th, 2025

Top Headlines

June 1st, 2025

May 31st, 2025

May 31st, 2025

May 31st, 2025