The social media giant has admitted to storing millions of user passwords in plain text format, a huge cybersecurity no-no. How could this have slipped through the cracks?
Pedro Canahuati, VP of Cybersecurity, Privacy, and Engineering at Facebook, reported they were able to discover some passwords being stored in a readable format during a routine security review in January. Naturally, this sparked their interest, since Facebook’s login systems employ password masking technology.
Canahuati will be notifying everyone believed to be affected by this. To make matters a bit less alarming, Facebook has to date no evidence that anyone outside the company was able to access or misuse the passwords. He went on to explain that the company both hashes and salts passwords.
This cryptographic approach lets the company tell when a user is logging in with the correct password without having to store the password in a readable format.
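The hash-and-salt approach described above can be sketched as follows. This is an added example, not Facebook's code; the choice of scrypt, its cost parameters, the function names and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed scrypt cost parameters for this example (not any real site's settings).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024
SALT_LEN, KEY_LEN = 16, 32


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation of a password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=SCRYPT_N,
                          r=SCRYPT_R, p=SCRYPT_P, maxmem=MAXMEM, dklen=KEY_LEN)


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Build the record a server stores: a per-user salt and the derived key.

    The password itself is never part of the record.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt for every account
    return {"salt": salt.hex(), "key": _derive(password, salt).hex()}


def verify_password(candidate: str, record: dict) -> bool:
    """Re-derive the key from a login attempt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["key"])
    return hmac.compare_digest(_derive(candidate, salt), expected)


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    shared = "correct horse battery staple"
    store = {"alice": hash_password(shared), "bob": hash_password(shared)}

    # Different salts mean different stored keys, so a leaked table does not
    # reveal which users share a password.
    print("records differ:", store["alice"]["key"] != store["bob"]["key"])
    print("correct login:", verify_password(shared, store["alice"]))
    print("wrong login:", verify_password("Password123", store["alice"]))
```

A store built this way holds nothing that can be read back as the password; a plain-text copy kept anywhere else on the server side undoes that protection.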
Facebook has already had to deal with people trying to use the platform for spreading fake news and companies using it to harvest data from users’ profiles, and now, this is another black mark on the list.
Earlier in the month, Mark Zuckerberg, Facebook’s CEO, promised to make privacy and cybersecurity the focus going forward. Judging from his recent statements, he understands that people may not have the strongest faith in Facebook establishing a privacy-focused platform due to the sins in its past.