Facebook left passwords of over 600 million users readable by employees

“Facebook says it has fixed the security loophole and will send notifications to affected users to change their password”

Facebook’s perilous privacy standards continue to worsen by the day: in a new blog post on Thursday, the company said it had found that many user passwords were readable by employees, after a security researcher exposed the lapse. Security blog KrebsOnSecurity reported that the passwords of some 600 million users were left out in the open and that employees had access to them. Facebook says it found the issue in January this year, but security researcher Brian Krebs wrote in his report that some passwords have been stored in plain text since 2012.


As Facebook explains, the issue didn’t arise from a single bug. Instead, it happened in a variety of situations, including an app crash where the crash log captured the password. However, this cannot be used as an excuse for neglecting what is a very fundamental computer-security practice. If it’s any comfort, the social media platform does say that the data has not been misused by employees, and certainly not by anyone outside the organisation. Security experts have strongly suggested that users should change their passwords.

Ironically, the news broke a couple of weeks after Facebook CEO Mark Zuckerberg talked about a new “privacy-focused vision” for the social network. The new situation would be embarrassing for such a large-scale platform, which has been marred by security and privacy issues since last year. The readable passwords aren’t dangerous for user privacy unless an adversary with malicious intentions gets hold of such data, though. That’s concerning, as Facebook’s recent data breach that exposed 29 million accounts happened as recently as September last year. In any case, Facebook said it will be sending notifications to users urging them to change their passwords.