Despite the fact that millions of us rely on Facebook to keep us informed and connected, it’s been a rough couple of years for the biggest social media platform. One of the top concerns surrounding Facebook is its security, or lack thereof — and recent news certainly doesn’t inspire confidence.
The alarm was sounded earlier this month.
Cybersecurity reporter Brian Krebs initially reported on March 19th that Facebook has been handling stored passwords in a way that leaves a lot to be desired — and they’ve been doing this for years.
All stored in plain text.
Krebs said that the passwords of Facebook users were stored in plain text — a low security measure for one of the internet’s biggest companies. Plain text is far more vulnerable than more encrypted methods.
Employees could access this data.
Krebs said that more than 20,000 Facebook employees could have searched the passwords database. An insider told him that 2,000 employees made about nine million internal searches for data that included user passwords.
Facebook has responded.
In a post dated two days after Krebs’ investigation, Facebook’s VP of Engineering, Security and Privacy said that the company became aware of the breach back in January .
It’s an effort at damage control.
It’s interesting that Facebook didn’t make this announcement at the time they became aware of it, and instead waited until a whistleblower’s report blew the cover off the breach and made it public.
The response is somewhat reassuring.
Facebook says password data were never visible to anybody outside of Facebook and the information probably wasn’t abused, and that they plan to notify “hundreds of millions” of users about the password snafu.
Facebook is conducting a review.
Appropriately, they plan to fix problems and vulnerabilities in the way they store passwords. They also offer users tips on securing their account, which is a bit rich considering it was the company that leaked the passwords.
How many people could be affected?
In Krebs’ initial report, he said as many as 600 million users (one in five users) could be affected. Facebook didn’t go into specifics in their announcement about how many users could be affected.
Facebook’s faced a lot of bad press.
There have been calls for the Federal Trade Commission to investigate alleged antitrust violations at Facebook. Rhode Island Representative David N. Ciciline penned an op-ed calling for lawmakers to take a closer look just this month.
There’s also the whole Cambridge Analytica thing.
In what’s become a dark cloud hanging over Facebook founder Mark Zuckerberg, the revelation that Facebook had allowed a data mining firm to access personal data was a major red flag for security advocates.
The plain text bug is a recurring problem.
It might be Facebook’s first run-in with this issue, but it’s affected other big internet platforms in the past. Both Github and [Twitter])https://techcrunch.com/2018/05/03/twitter-password-bug]( https://techcrunch.com/2018/05/03/twitter-password-bug/ ) have experienced similar bugs that potentially exposed users’ passwords in plain text.
We’ll see how Facebook recovers.
Responding to a potentially serious breach months after the event, and only after the event has been reported elsewhere, isn’t the best look. Facebook hasn’t explained why they waited so long.
What are your thoughts?
There doesn’t seem to be much encouraging news about Facebook these days, but it’s tough to tear yourself away from social media. At what point would you say “enough’s enough” and delete your account?
