- How to watch ‘Game of Thrones’ season 8, episode 2 for free 1 Month Ago
- Gendry is making a new weapon for Arya Stark—but what is it? 1 Month Ago
- The live-action Halo series could be Showtime’s most ambitious project yet Today 6:00 AM
- How to watch Turner Classic Movies for free Today 5:30 AM
- How to watch Real Madrid vs. Athletic Bilbao online for free Today 5:00 AM
- ‘Star Trek’s Jonathan Frakes calls out your lies with this new meme Saturday 3:46 PM
- #JusticeForLucca trends after video shows police slam Black teen’s head into pavement Saturday 3:11 PM
- The internet is shocked to learn that Goombas do, in fact, have arms Saturday 2:02 PM
- PayPal, GoFundMe cut off armed militia that detains migrants at border Saturday 1:16 PM
- Barnwood theft may be on the rise because of ‘Fixer Upper’—and fans aren’t having it Saturday 12:23 PM
- Literary Twitter calls out Dzanc Books for Islamophobic, racist novel Saturday 11:40 AM
- How to watch Crawford vs. Khan online Saturday 10:00 AM
- Beyoncé has 2 more projects coming to Netflix after ‘Homecoming’ Saturday 9:53 AM
- How to watch Danny Garcia vs. Adrian Granados for free Saturday 9:00 AM
- The ‘Feeling Cute Challenge’ turns ugly after correctional officers abuse it Saturday 7:30 AM
Stock Catalog/Flickr (CC-BY)
Facebook passwords for hundreds of millions of users were stored unencrypted and accessible to employees for at least seven years.
The incident, first reported by KrebsOnSecurity, is believed to have affected anywhere between 200 million and 600 million users.
As many as 20,000 employees had access to the plaintext passwords, which were stored on internal company servers.
KrebsOnSecurity also wrote that a Facebook source indicated that roughly 2,000 company engineers and developers made “nine million internal queries for data elements that contained plain text user passwords.”
Facebook confirmed the issue in a blog post on Thursday and stated that the problem was discovered last January as part of a routine security review.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” stressed Facebook’s Pedro Canahuati, VP of engineering, security, and privacy.
While the statement failed to provide specifics, Facebook estimates that it will have to notify “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
The company says it will not force password resets but anyone concerned about the security of their account can change their password and enable two-factor authentication.
The password incident comes as Facebook attempts to rebrand itself as a privacy-conscious company following months of continuous scandals.
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.