When it comes to Facebook and security it seems there is one potentially damaging lapse after another.
The latest comes via an exclusive report from the KrebsOnSecurity security news site, flagging that hundreds of millions of Facebook users have had their account passwords stored in plain text that could be searched by more than 20,000 Facebook employees — in some cases dating back to 2012.
The author of the report, Brian Krebs, says Facebook told him that none of the employees, to the company’s knowledge, has abused the data.
Facebook has not yet responded to a USA TODAY request for comment.
Citing an unnamed senior Facebook employee as the source, Krebs says the social network is probing the causes of a series of security failures in which employees built applications that logged the unencrypted password data, which apparently numbers between 200 million and 600 million.
A Facebook software engineer told Krebs the company would be alerting users today and that the issue first came to light this past January.
Facebook has been a magnet for disturbing news the past couple of years or so, leaving some people to break up with the service for good and placing CEO Mark Zuckerberg on the hot seat. Only last week, according to a New York Times report, came news that Facebook’s data practices are under criminal investigation. And Facebook has been riddled by scandals ranging from Cambridge Analytica and fake news to Messenger Kids scandals and other security breaches.
Krebs told USA TODAY that “Facebook’s motto has long been `move fast, break things,’ and this situation seems to be one unfortunate manifestation of that mantra. It’s easy to see how a Facebook engineer or developer might enable password logging for a short period of time — to troubleshoot a specific problem, for example. But it’s also easy for that developer to forget to undo that logging.”
Were consumers harmed here? “The more people at Facebook who have access to this data, the greater the likelihood that someone will abuse that access,” Krebs says. “When you start getting into the realm of tens of thousands of employees with that opportunity over as much as seven years, the chances for harm or abuse would seem to go up considerably.”
———
© 2019 USA Today
Distributed by Tribune Content Agency, LLC.
