Facebook employees had access to 600M user passwords

Mackenzie Garrity - Print  | 

A slew of Facebook employees had access to anywhere between 200 million and 600 million user passwords, dating back to 2012, according to cybersecurity journalist Brian Krebs and reported by CNBC.

The passwords were stored without encryption and viewable in plain text to thousands of company employees. Facebook confirmed the cybersecurity journalist’s findings in a blog post.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage system,” Facebook wrote in a statement to CNBC. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we found we stored this way.”

Facebook’s blog post did not state the exact number of users affected. A company software engineer said no information has been misused and said, “there was no actual risk that’s come from this.”

The social media company started notifying users March 21 and has 72-hours to notify the affected.

More articles on health IT:
Chan Zuckerberg Initiative awards $1M to Johns Hopkins microscope facility director
St. Luke's University health system adds remote patient monitoring data to Epic EHR
Mount Sinai to expand EHR access, care services through partnership with One Medical

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.