It has been reported that the passwords of hundreds of millions of Facebook users were made accessible to as many as 20,000 employees of the social site.
Brian Krebs, a security researcher, was the first to break the news about the data protection failure, which has seen the passwords of up to 600 million users stored as plain text files and made accessible to the company’s employees. These exposed passwords date back at least seven years, to 2012.
In a statement released by the company, Facebook has now explained that it has resolved what it is calling a glitch that meant the passwords were being stored on the firm’s internal networks.
Krebs has released a detailed exposé stating that a source from the company told him about some ‘security failures’ allowing developers to create applications that were able to log and store these passwords, without any encryption protection.
In response to Krebs’ story, Scott Renfro, an engineer with Facebook, highlighted that an internal investigation commenced following Facebook’s discovery of these logs, with the results suggesting that there were not any signs of data misuse.
Furthermore, Facebook has claimed that the issue was discovered back in January as part of its routine security reviews, which are carried out regularly. Its investigation shows that the majority of those affected by the issue were users of the company’s Facebook Lite app, which is primarily used by people in nations where internet connections are scarce and slow.
Facebook explained to Reuters that it plans to notify those who have been affected, which includes:
“Hundreds of millions of Facebook Lite users; tens of millions of other Facebook users, and tens of thousands of Instagram users.”
It also clarified that it would prompt these users to reset their passwords only if its taskforce analysing the issue discover that these login details have been abused.
The news comes at a time where the company is facing plenty of criticism for the way it is handling data, with many organisations and individuals voicing concerns over privacy and how Facebook protects its data.
Last September, Facebook revealed that the data of 50 million users was exposed due to a security flaw and in February last year, there was the Cambridge Analytica scandal that saw the information of millions being harvested by the data science firm, Cambridge Analytica.
These issues just further highlight that Facebook needs to be more transparent with how it handles data and how it uses it as well as increasing its security and privacy measures.