Yet another day, and yet another security breach at Facebook. It has literally become that frequent now.
Facebook has now confirmed that a security breach within the company's internal systems had left the passwords of ‘some’ users in ‘readable’ format. The breach came to light when it was highlighted by noted cybersecurity reporter Brian Krebs in a recent post on his ‘Krebs Security’ blog. Facebook says that it came across the issue during a ‘routine security review’. Well, we are not sure what ‘routine’ the company follows, but we are glad that this finally came up.
The company has not revealed the number of users affected by the breach. It does mention that it will ask ‘hundreds of millions’ of users to change their passwords. Krebs, however, has revealed that the flaw could have affected a massive 600 million users, representing roughly a quarter of the platform’s 2.7 billion users globally.
Krebs further reveals that the bug has been in existence since 2012 and that Facebook has only now identified it. His own internal investigation so far indicates that between 200 million and 600 million users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees.
On the visibility of these passwords, Facebook’s own statement is pretty much in line with what Brian Krebs has mentioned. Facebook’s VP of Security Pedro Canahuati addresses the point in a rather uncomfortably convenient tone: “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” Canahuati’s ambiguous and unconfirmed statement only highlights the dire state of affairs at Facebook when it comes to user security and privacy.
The company says it will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Considering that ‘hundreds of millions’ of Lite users need to be notified, it looks like most affected users could well be in developing markets, since Lite is primarily meant for users in regions with low and slow connectivity.
While the breach has been fixed, this is yet another example of how things have clearly become difficult to manage for Facebook, with its 2.7 billion users. And if the world’s biggest repository of users’ personal information can’t keep it safe, then the need for major reforms, and perhaps an independent review, of the security systems for all of these social media platforms is evident.