قالب وردپرس درنا توس
Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Facebook did not securely store passwords. Here's what you need to know.

Facebook did not securely store passwords. Here's what you need to know.



SAN FRANCISCO – Facebook said Thursday that millions of user account passwords had been kept insecure, potentially allowing employees to access people's accounts without their knowledge.

The Silicon Valley company published the security error around the same time Brian Krebs, a cyber security writer, reported the password vulnerability. Mr. Krebs said a Facebook review had found that hundreds of millions of user passwords from 2012 were stored in a format known as plain text, making the passwords readable to more than 20,000 of the company's employees.

Facebook said it had not found any signs of abuse and that it would start warning millions of its users and thousands of Instagram users about the problem. The company said it would not require people to reset their passwords.

The security error is another embarrassing one for Facebook, a $ 470 billion colossus that employs some of the most sought after cyber security experts in the industry. It adds to a growing list of computer scandals that have ravaged Facebook's reputation over the past few years. Last year, it revealed in revelations that a political consulting firm was mistakenly accessing the data of millions. Facebook also showed that an attack on its network had exposed the personal information of tens of thousands of users.

In response, the company repeatedly said it plans to improve how it protects people's data.

"There is nothing more important to us than protecting people's information, and we will continue to make improvements in our ongoing security efforts on Facebook," Pedro Canahuati, Facebook's Vice President of Security and Privacy Technology, said in a blog post on Thursday.

Here is an overview of what you need to know about the password's vulnerability and what you can do.

Saving passwords in plain text is a bad security practice. It leaves passwords widely open to cyber attacks or potential employee abuse. A better security practice would have been to keep the passwords in an encrypted format that is impossible.

Facebook said it had not found any signs of abuse, but that does not mean that it did not occur. Referring to a Facebook insider, Mr Krebs said that entry records revealed that 2,000 engineers or developers had made nine million requests for data containing plain-text user passwords.

A Facebook employee could have shared your password with someone else who would have incorrect access to your account. Or an employee could have read your password and used it to log on to another site where you used the same password. There are plenty of options.


Source link