Oops, We Saw Your Passwords

Did you know that Facebook employees could, up until recently, read user passwords on millions of accounts?

According to a Bloomberg News item in AdAge, a security review in January revealed that passwords were stored in a format that made them readable by FB staffers.

“During a security review in January, Facebook found that the passwords were stored in a readable format, against its security procedures, but that they were never visible to anyone outside of the company,” the article notes.

This news comes on the heels of the very bad 2018 Facebook just experienced and certainly does little to regain consumer trust.

Facebook, with their usual masterful spin, posted news about the discovery in an article from their newsroom titled “Keeping Passwords Secure.” The irony of that title did not escape the Twittersphere.

The security gaffe was apparently leaked to security blog KrebOnSecurity.

“The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees,” KrebsOnSecurity wrote, according to AdAge.

After a year of mounting lawsuits, falling consumer trust, disillusioned ad execs and political skewering, it’s just one more bucket of sand to drop into that litter box.

Whether you believe Facebook is an integral part of modern life or a behemoth that got too big too fast with too little oversight, one thing is certain. This isn’t the last of the data debacles from the social giant.