.png "back to home page")
What's most striking about this is how it flies in the face of everyone's perception of big internet tech companies (Facebook, Google, etc) as having excellent security practices across the board (privacy is another matter). This years-long incident is a case study in sloppiness.
— Spencer Dailey (@spencerdailey) March 21, 2019
Facebook says it will be notifying "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users" that their passwords were stored in a readable format https://t.co/7XYaTuPHz6
— Seth Fiegerman (@sfiegerman) March 21, 2019
“Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned.” https://t.co/82w28ulXIl
— Sarah Frier (@sarahfrier) March 21, 2019
Facebook’s “newsroom”, which is not a newsroom, publishes a piece titled “Keeping Passwords Secure” about how it failed to keep passwords secure https://t.co/0rTTCExU7X
— Jon Swaine (@jonswaine) March 21, 2019
Hey @facebook, how’s that pivot into a privacy-focused company going? https://t.co/qAxmANXB5u
— Michael Zimmer (@michaelzimmer) March 21, 2019
This latest @facebook security news is a concern. https://t.co/frFieSmlfY
— Joshua Lowcock (@joshuaUMWW) March 21, 2019
As @KateFazzini notes, the Facebook password exposure could be a violation of GDPR https://t.co/G5u9PIuIQz
— Steve Kovach (@stevekovach) March 21, 2019
This just knocked $FB shares a bit https://t.co/OYemmf1TON
— Joe Weisenthal (@TheStalwart) March 21, 2019
If we ever get the ground truth on why @facebook was storing passwords in the clear, I'll bet 2:1 odds that they were either being logged as a URL parameter or used to impersonate users to see their user experience first hand. 1/2 https://t.co/z2C4rvqpq5
— Jake Williams (@MalwareJake) March 21, 2019
What worries me that Facebook probably wouldn't have come clean had @briankrebs not beat them to the punch. https://t.co/DvQmcjvyB0 pic.twitter.com/SyxlfIKXDe
— Zack Whittaker (@zackwhittaker) March 21, 2019
Enh, just "some" passwords in plaint text. pic.twitter.com/M8CXT7OfmK
— Chris Messina ?☠️ (@chrismessina) March 21, 2019
Man, I wish I had "some" money, like Facebook stored "some" user passwords in plain text.#Privacy #Security #ConsentDecree https://t.co/JVC7acOu8Z
— Chris Messina ?☠️ (@chrismessina) March 21, 2019
Facebook's 'pivot to privacy' is really them just hashing your passwords finally. https://t.co/kigRKCgyKC
— Brad Sams (@bdsams) March 21, 2019
I love it that Facebook's blog post announcing that it accidentally stored hundreds of millions of users' passwords in plain text is headlined "Keeping Passwords Secure" https://t.co/FQgIrSyXKu
— Will Oremus (@WillOremus) March 21, 2019
But what’s a few hundred million plain text passwords amongst friends? ? https://t.co/r4XJdxS95z
— M.G. Siegler (@mgsiegler) March 21, 2019
I was literally just now putting a slide about Facebook scandals in a presentation I'm working on. And now this.
— Martin Bryant (@MartinSFP) March 21, 2019
"Some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords." https://t.co/Mfuaq89BoD
This is lousy for FB because credentials are their top priority to secure.
— Steve Weis (@sweis) March 21, 2019
I've seen this happen at multiple places because someone added verbose debug logs outside the typical framework.
I was guilty of this at Google, but thankfully it was an internal tool in development. https://t.co/356gMWRryg
disturbing lack of detail in this headline and in parts of the post, including the weird mention that there were other resolved security issues -- with not a word on what they are. https://t.co/YpzfGNKM7k
— Tony Romm (@TonyRomm) March 21, 2019
This morning, @briankrebs is reporting that Facebook engineers stored hundreds of millions of people’s passwords in plain text (meaning anyone at the company could search for them and portentously abuse them). Here’s why I’m not surprised: https://t.co/uJ6BqbN8c3
— Sheera Frenkel (@sheeraf) March 21, 2019
Breaking: Facebook stored hundreds of millions of user passwords in plain text. No evidence of abuse but "as a precaution we will be notifying everyone whose passwords we have found were stored in this way." https://t.co/UZPl8GQdZ3
— Joseph Cox (@josephfcox) March 21, 2019
In hindsight, maybe expecting people whose engineering standard was "break stuff more" to implement basic security measures was a bad idea https://t.co/hylgnyo2x0
— Jim Gray (@grayj_) March 21, 2019
Lol when facebook titles the post “keeping passwords secure” then says "we found that some user passwords were being stored in a readable format within our internal data storage systems” https://t.co/SjxjIUik6b
— Hadas Gold (@Hadas_Gold) March 21, 2019
So, this slow trickle needs to stop. Just dump all of the bad things you've done in one long press conference and stop thumis slow drip every other day for 2 years. Getting it all out, voluntarily, at one time is best. Just rip the band aid off. https://t.co/X4jU6eeNpV
— Bärí A. Williams (@BariAWilliams) March 21, 2019
Ask yourself why you would trust Facebook with a single piece of information about yourself. Ask yourself that in light of its latest breach and you’ll come to the same conclusion I have: delete your account. https://t.co/81Idbdtqwn
— Linda ?? #IndictTheTrumpCrimeFamily (@knittinglinda) March 21, 2019
I can get your small shop having an app created for them where passwords are stored in plain text, but Facebook? https://t.co/5vOLBbNAsp
— Hadi Hariri (@hhariri) March 21, 2019
Facebook stored hundreds of millions of passwords unprotected https://t.co/f1AZGuNfKF
— toomas hendrik ilves (@IlvesToomas) March 21, 2019
I wrote about Facebook alerting users that it stored "hundreds of millions" of passwords in plain text https://t.co/hFQDIMfzAY
— alex hern (@alexhern) March 21, 2019
Facebook stored hundreds of millions of passwords unprotected https://t.co/rUTeG9MkZg
— ΞLΞVΞNTH (@3L3V3NTH) March 21, 2019
Facebook employees had access to private passwords for hundreds of millions of people https://t.co/W7ywhBdLwT pic.twitter.com/3vhi9wgZ8v
— Recode (@Recode) March 21, 2019
Facebook employees had access to private passwords for hundreds of millions of people.
— ?Bill Maxwell ?#ImpeachPutin? (@Bill_Maxwell_) March 21, 2019
That sounds very secure. Anyone of their employees could have been compiling lists of data, great for ad campaigns and political campaigns.
All we have is their word. https://t.co/nCg2sRtitN
Anyone else think we're at the "heads must roll" stage for some senior leaders at @Facebook?
— Augie Ray (@augieray) March 21, 2019
These are no longer "mistakes." They are failures of leadership, investment & priorities.
How often can Facebook simply fail at honoring their promises on privacy?https://t.co/fJg8o86KJB
Change your passwords for Instagram/Facebook right now. Millions of passwords stored by Facebook as plain text. Story here. https://t.co/8XhogiyhMT pic.twitter.com/WYu7vr6gnr
— Xeni Jardin (@xeni) March 21, 2019
"Change your Facebook password right now."
— Xeni Jardin (@xeni) March 21, 2019
Facebook stored millions of passwords as plain text. https://t.co/8XhogiyhMT pic.twitter.com/YX3H9o99GG
Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access
— Raise ur Right Hand (@RaiseURH) March 21, 2019
"As it turns out, 'some user passwords' actually means hundreds of millions of passwords." https://t.co/jjYoGo3Wc0
"Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed.”
— Charles Roop (@CharlesRoopWCTV) March 21, 2019
*facepalm facebook*
Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Accesshttps://t.co/uwfOG549wq
"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook"
— david celis (@davidcelis) March 21, 2019
hmmm i dunno, kinda seems like 1. there is, and like 2. you won'thttps://t.co/SUMQd1tj6y
Burn it all down and salt the earth time?https://t.co/if1OO5QuE8
— Rene Ritchie (@reneritchie) March 21, 2019
Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems
— Gary Holland ?? ⭐️⭐️⭐️ ?? (@gholland04) March 21, 2019
.. right, no shock here
.. no way this was an accident .. they should never decrypt them
https://t.co/8GGdw6vtQq
Facebook Inc. will notify hundreds of millions of users that some passwords were stored in a readable format that was accessible to its employees. https://t.co/SY2EFKLjaJ
— Tim Seymour (@timseymour) March 21, 2019
Report: Facebook stored 200-600 million user passwords in plain text for yearshttps://t.co/To7abqV9CD
— The Block (@TheBlock__) March 21, 2019
Burn it all down https://t.co/rDqaLxWZSw
— Mike Dudas (@mdudas) March 21, 2019
Facebook’s “newsroom”, which is not a newsroom, publishes a piece titled “Keeping Passwords Secure” about how it failed to keep passwords secure https://t.co/0rTTCExU7X
— Jon Swaine (@jonswaine) March 21, 2019
I love it that Facebook's blog post announcing that it accidentally stored hundreds of millions of users' passwords in plain text is headlined "Keeping Passwords Secure" https://t.co/FQgIrSyXKu
— Will Oremus (@WillOremus) March 21, 2019
Facebook has been storing "hundreds of millions" of passwords in plain text this whole time. How does that even happen? Thankfully the shadow profile they have for me does not have a password :-P https://t.co/skBVlm9wO4
— Lance R. Vick (@lrvick) March 21, 2019
Facebook says it will be notifying "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users" that their passwords were stored in a readable format https://t.co/7XYaTuPHz6
— Seth Fiegerman (@sfiegerman) March 21, 2019
facebook announces it kept "hundreds of millions" of passwords in plaintext under a spectacularly misleading headline https://t.co/eZ6HXWjNom
— errno goldfinger (@mountain_ghosts) March 21, 2019
“Facebook saved millions of passwords unhashed”. WTF?! That can’t possibly be a mistake, can it??! Were they datamining on passwords? https://t.co/1xLzgSyuM7
— Ancilla (@ncilla) March 21, 2019
If we ever get the ground truth on why @facebook was storing passwords in the clear, I'll bet 2:1 odds that they were either being logged as a URL parameter or used to impersonate users to see their user experience first hand. 1/2 https://t.co/z2C4rvqpq5
— Jake Williams (@MalwareJake) March 21, 2019
Nothing like titling your blog post "Keeping Passwords Secure," and then going on to write that you didn't.
— Ben Oberkfell (@benlikestocode) March 21, 2019
https://t.co/iJZaD2ey3d
So @facebook kept passwords in plain text format since ❗️❗️2012 ❗️❗️(https://t.co/p1WkZoBD7p) . But hey ... it's okay! We can trust them. They promise they did nothing shady with them. ?https://t.co/3WvFxAZ830 pic.twitter.com/QPH7V1COIY
— Lefteris Karapetsas (@LefterisJP) March 21, 2019
BREAKING: Facebook stored “hundreds of millions” of account passwords without encryption and viewable as plain text to tens of thousands of employees - reporthttps://t.co/dPUPceDUyH
— CNBC Now (@CNBCnow) March 21, 2019
We'll keep you safe and protect your privacy. Also, we're going to put this camera up in your shower. --@facebook#ThursdayThoughts https://t.co/ohz0KRQvBS
— Shaun Hair (@Exec_Edtr_WJ) March 21, 2019
#Facebook employees had access to millions of user #passwords https://t.co/ANmMOCY2Yh $FB #Security #Cybersecurity #Infosec
— PDF Streaming (@PDFStreaming) March 21, 2019
Facebook employees had access to millions of user passwordshttps://t.co/x69aDKxM20
— Threat Assessment (@WashTimesThreat) March 21, 2019
Reason #972 to #DeleteFacebook (if you haven't already)
— Good JuJu (@SharedMotivati1) March 21, 2019
Facebook employees had access to millions of user passwords https://t.co/PkvTX5f2KV
Facebook employees had access to millions of user passwords
— GuruLeaks (@Guruleaks1) March 21, 2019
https://t.co/XjWGrkrm0A $FB
Holy Moly ? Facebook revealed that it mistakenly stored a copy of passwords for "hundreds of millions" of users in plaintexthttps://t.co/yqx1hHWeNI
— Swati Khandelwal (@Swati_THN) March 21, 2019
Though exposed passwords were readable to some of the privileged Facebook engineers, company says it found no evidence of abuse pic.twitter.com/4QNaP2jRli
Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext https://t.co/KsbSMFUIRj#Pyrateology
— Trutherbot Pyrate (@TrutherbotPyrat) March 21, 2019
Facebook has confirmed that a number of passwords for #Facebook and #Instagram accounts have been stored in readable format within its internal data storage systems.
— Kaspersky Lab (@kaspersky) March 21, 2019
More on the news here: https://t.co/DofJu7htge pic.twitter.com/nGqryKrjKe
Facebook Stored Passwords in Plain Text For Years https://t.co/paoHqIbCT9
— Nicolas Krassas (@Dinosn) March 21, 2019
#Facebook stored passwords in plain text for years. Definitely terrible, but @troyhunt puts it into perspective: "This feels like a disclosure out of an abundance of caution rather than a disclosure due to a serious risk."https://t.co/5YCbBLyWQl
— Lindsey O'Donnell Welch (@LindseyOD123) March 21, 2019
"Hundreds of millions of #Facebook user #passwords were stored in #plaintext for years."#ITsecurity #encryption #vulnerabilities #ITstrategy #useraccounts #passphrases https://t.co/PQh8bC7Umd pic.twitter.com/xMQD4s0h56
— Fuzbolero.XV (@FuzboleroXV) March 21, 2019
7년 동안 일반 텍스트로 저장된 페이스 북의 비밀 번호 https://t.co/xyVKDYGWaP
— editoy (@editoy) March 22, 2019
Are you on #Facebook? The password you set could have been stored unencrypted and was available to view by many Facebook employees. Who can guarantee the data wasn't copied?https://t.co/6bhpcp6HcT
— Hovellin' Hermit (@HovellingHermit) March 21, 2019
...and that‘s why you make a data management plan.https://t.co/hedm5sRwth
— Felicia Loecherbach (@fe_loe) March 21, 2019
can you trust Facebook? Nope - https://t.co/EQiebh5wAf
— Dr Bruce Baer Arnold (@brucearnoldlaw) March 22, 2019
Facebook was reportedly storing the personal passwords for hundreds of millions of Facebook users unencrypted on the company servers — meaning they were readable to thousands of Facebook employees. Via @Recode: https://t.co/W52c3KuTCV
— Vox (@voxdotcom) March 22, 2019
The number of visible passwords belong to between 200 and 600 million users. (via @recode) https://t.co/mIcvpSQgfn
— ExpressVPN (@expressvpn) March 22, 2019
Zuck can't find the words to express how sorrysorrysorry he is about this. https://t.co/IghWxby3fd
— Jack Shafer (@jackshafer) March 21, 2019
Facebook employees had access to private passwords for hundreds of millions of people. #dataprivacy https://t.co/1VOFkCVdBz via @Recode
— Active Navigation (@ActiveNav) March 21, 2019
Change your passwords on Instagram & Facebook NOW.
— Steve Spohn (@stevenspohn) March 22, 2019
Millions of passwords stored by Facebook as plain text... AGAINhttps://t.co/GThidppsnW
Facebook stored millions of passwords as plain text https://t.co/IEZ1wL1Zv6 pic.twitter.com/uSFoCEy35s
— No to #Article13 #saveyourinternet (@doctorow) March 21, 2019
Change your Facebook password (especially if you use the same password anywhere else) and PLEASE turn on two-factor authentication so someone needs more than your password to access your stuff.
— zero (@mxterzeroTO) March 22, 2019
Facebook stored millions of passwords as plain text https://t.co/ySDOquHyZf
also (unrelated):
— sbo (@sbo_slv) March 21, 2019
Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access https://t.co/FINJSF7Doo
Oh @Facebook. You just can't stop being stupid.
— Steve Brazill (@stevebrazill) March 21, 2019
“… between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees."https://t.co/G1fzFNcC7Z
More $FB BS - when are regulators going to impose massive penalties? Facebook stored hundreds of millions of user passwords in a format that was accessible to its employees for more than five years. https://t.co/hqEmVVePom
— Kenny Polcari (@KennyPolcari) March 22, 2019
Facebook Inc. will notify hundreds of millions of users that some passwords were stored in a readable format that was accessible to its employees within its internal data storage systems. https://t.co/wvgT44uLO6
— Sarah McClure (@sarahymcclure) March 21, 2019
C'mon. Does ANYONE honestly believe that this was an oversight? ? This is obviously part of a soft disclosure campaign intended to cover their (criminal) tracks.#GreatAwakening #QAnon #MAGAhttps://t.co/wAd2vNU3lS
— OutlawJoseyWales⚒️ (@outlawjw) March 22, 2019
Facebook Inc. will notify hundreds of millions of users that some passwords were stored in a readable format that was accessible to its employees within its internal data storage systems.https://t.co/5V5lWplLYS
— Karol ? (@karolcummins) March 22, 2019
Facebook Inc. will notify hundreds of millions of users that some passwords were stored in a readable format that was accessible to its employees within its internal data storage systems. https://t.co/Vs3nqw615T
— لين شومان (@lynnchouman) March 21, 2019
between 200 to 600 million facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 facebook employees BUT DONT WORRY they definitely would never abuse your private data https://t.co/iVGWapBvgv
— Tracy Chou ??? (@triketora) March 21, 2019
Facebook employees were able to see “hundreds of millions” of user passwords because they weren’t encrypted, the social media giant admits. Oh-oh. https://t.co/pLTUhSdhOF pic.twitter.com/aGe8kROFXJ
— DMSRoofingTexas (@RoofingDMS) March 22, 2019
Facebook has found that some user passwords were stored in a readable format within their internal data storage systems.
— Enpass (@EnpassApp) March 21, 2019
The company claims that it fixed these issues and as a precaution will be notifying everyone whose passwords were stored this way.https://t.co/k7iLQiBvmb pic.twitter.com/lfdLSVoZ4Z
And now @Facebook confirms that people’s passwords were stored/accessible by its engineers https://t.co/aCsNNPkTWU https://t.co/cYxrrDLqRv
— Mark Scott (@markscott82) March 21, 2019
And a reminder its blog post about insecurely storing 600 million user passwords that any FB employee could search was titled: "Keeping passwords secure"https://t.co/2sCsuXdHUv
— Steve Kovach (@stevekovach) March 22, 2019
This is bad. I worked at a place where the serial harasser ("he's not sexist, he's an asshole." and "he admits working with women hasn't gone well") had DB access to the perf review system... Employees should never have access they don't 1000% need. https://t.co/5t97ooaW1i
— Nicole Sullivan (@stubbornella) March 21, 2019
Facebook is not requiring users to change their passwords after announcing that millions of user account passwords had been stored insecurely, but tech columnist @bxchen says you should do it anyway. https://t.co/yYmsypX3yz
— The New York Times (@nytimes) March 21, 2019
Facebook stored user passwords in an insecure format. Here’s what you need to know and what you can do. https://t.co/DAozSA8Vx1
— NYTimes Tech (@nytimestech) March 22, 2019
The gift that keeps on giving - #Facebook... This is just the latest in a string of negative headlines about Facebook however, this is surely one of the most damaging ones - around 600 million passwords from their users were stored in #PlainText.https://t.co/5E2IdQjN0p#Privacy pic.twitter.com/adFt8vbUrY
— MADANA (@MADANA_HQ) March 22, 2019
Yet ANOTHER #facebook data breach scandal. When will they learn to comply with the law? #gdpr #dataprotection #datasecurity #dataprivacy https://t.co/RsIAnjUIIl https://t.co/llD5ge32Bj
— RebelLaw (@RebelLawLtd) March 22, 2019
As @KateFazzini notes, the Facebook password exposure could be a violation of GDPR https://t.co/G5u9PIuIQz
— Steve Kovach (@stevekovach) March 21, 2019
Holy Moly ? Facebook revealed that it mistakenly stored a copy of passwords for "hundreds of millions" of users in plaintexthttps://t.co/URzDvmygds
— Mohit Kumar (@unix_root) March 22, 2019
Though exposed passwords were readable to some of the privileged Facebook engineers, company says it found no evidence of abuse pic.twitter.com/5Ueh8CxNsy
今天好忙現在才轉~ | Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext https://t.co/5HBPev79CC
— Chieh Yu (@welkineins) March 22, 2019
Facebook Mistakenly Stored Million of Users' Passwords in Plaintext https://t.co/X5ZeOoLgzf pic.twitter.com/BzIUUVpaGk
— Raluca (@ralucasaceanu) March 21, 2019
Stop making stupid mistakes. The series of headline should trigger in Facebook an awareness that people are stressed out and are making stupid mistakes like this! What’s your view? #cybersecurity #personaldata #news #hack #breach…https://t.co/PsLpzqd63C https://t.co/fnCXGqHWSe
— Francesco Cipollone (@FrankSEC42) March 22, 2019
Facebook Mistakenly Stored Million of Users' Passwords in Plaintext https://t.co/dfuwd4eAG0
— Cyberologue - Actualité Cybersécurité/RGPD/infosec (@cyberologue) March 21, 2019
Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext https://t.co/stJTrflatb
— toomas hendrik ilves (@IlvesToomas) March 22, 2019
Facebook Stored Passwords in Plain Text For Years https://t.co/kI97su8EwG #CyberSecurity pic.twitter.com/eU7yMGIJFc
— Angelo G Longo (@aglongo) March 21, 2019
Facebook Stored Passwords in Plain Text For Years https://t.co/L0mXJiX1aG via @InfoSecHotSpot pic.twitter.com/FpARbqJe5r
— Sean Harris (@InfoSecHotSpot) March 21, 2019