I was literally just now putting a slide about Facebook scandals in a presentation I'm working on. And now this.

"Some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords." https://t.co/Mfuaq89BoD

— Martin Bryant (@MartinSFP) March 21, 2019

Facebook is not requiring users to change their passwords after announcing that millions of user account passwords had been stored insecurely, but tech columnist @bxchen says you should do it anyway. https://t.co/yYmsypX3yz

— The New York Times (@nytimes) March 21, 2019

So, this slow trickle needs to stop. Just dump all of the bad things you've done in one long press conference and stop thumis slow drip every other day for 2 years. Getting it all out, voluntarily, at one time is best. Just rip the band aid off. https://t.co/X4jU6eeNpV

— Bärí A. Williams (@BariAWilliams) March 21, 2019

In hindsight, maybe expecting people whose engineering standard was "break stuff more" to implement basic security measures was a bad idea https://t.co/hylgnyo2x0

— Jim Gray (@grayj_) March 21, 2019

“Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned.” https://t.co/82w28ulXIl

— Sarah Frier (@sarahfrier) March 21, 2019

Hey @facebook, how’s that pivot into a privacy-focused company going? https://t.co/qAxmANXB5u

— Michael Zimmer (@michaelzimmer) March 21, 2019

Breaking: Facebook stored hundreds of millions of user passwords in plain text. No evidence of abuse but "as a precaution we will be notifying everyone whose passwords we have found were stored in this way." https://t.co/UZPl8GQdZ3

— Joseph Cox (@josephfcox) March 21, 2019

This just knocked $FB shares a bit https://t.co/OYemmf1TON

— Joe Weisenthal (@TheStalwart) March 21, 2019

What's most striking about this is how it flies in the face of everyone's perception of big internet tech companies (Facebook, Google, etc) as having excellent security practices across the board (privacy is another matter). This years-long incident is a case study in sloppiness.

— Spencer Dailey (@spencerdailey) March 21, 2019

As I’ve spent more and more time reporting on FB, especially their security, it seems like their entire strategy has been to protect attacks from without. Longtime engineers say that for years, basic safeguards weren’t in place to stop FB employees from looking up accounts.

— Sheera Frenkel (@sheeraf) March 21, 2019

Man, I wish I had "some" money, like Facebook stored "some" user passwords in plain text.#Privacy #Security #ConsentDecree https://t.co/JVC7acOu8Z

— Chris Messina ?‍☠️ (@chrismessina) March 21, 2019

But what’s a few hundred million plain text passwords amongst friends? ? https://t.co/r4XJdxS95z

— M.G. Siegler (@mgsiegler) March 21, 2019

What worries me that Facebook probably wouldn't have come clean had @briankrebs not beat them to the punch. https://t.co/DvQmcjvyB0 pic.twitter.com/SyxlfIKXDe

— Zack Whittaker (@zackwhittaker) March 21, 2019

This morning, ⁦@briankrebs⁩ is reporting that Facebook engineers stored hundreds of millions of people’s passwords in plain text (meaning anyone at the company could search for them and portentously abuse them). Here’s why I’m not surprised: https://t.co/uJ6BqbN8c3

— Sheera Frenkel (@sheeraf) March 21, 2019

"A Facebook employee could have shared your password with someone else who would then have improper access to your account, for instance."

Now consider: what is the level of counterintelligence awareness in these organizations? Can people with access be recruited? https://t.co/GPbD1tL2Rm

— Veli-Pekka Kivimäki (@vpkivimaki) March 21, 2019

As @KateFazzini notes, the Facebook password exposure could be a violation of GDPR https://t.co/G5u9PIuIQz

— Steve Kovach (@stevekovach) March 21, 2019

This is lousy for FB because credentials are their top priority to secure.

I've seen this happen at multiple places because someone added verbose debug logs outside the typical framework.

I was guilty of this at Google, but thankfully it was an internal tool in development. https://t.co/356gMWRryg

— Steve Weis (@sweis) March 21, 2019

Brilliant time to activate two factor authentication on both @facebook and @instagram while you're at ithttps://t.co/x4W8LdNgkK

— Arpit Gogia (@arpit_gogia) March 22, 2019

Facebook's reportedly been storing millions of user passwords in plain text since 2012 https://t.co/0mvA5QrTWW

— TNW (@thenextweb) March 22, 2019

.@facebook is in hot water again as new report says the social network has been storing passwords in plain text since 2012. Get the full report here: https://t.co/6rGn48wCiC. via @thenextweb

— The Cyphers Agency (@CyphersAgency) March 22, 2019

Facebook's reportedly been storing millions of user passwords in plain text since 2012 https://t.co/ZZoSFTaKwg

— TNW (@thenextweb) March 22, 2019

Facebook's reportedly been storing millions of user passwords in plain text since 2012 https://t.co/DmKxVNcPKH

— TNW (@thenextweb) March 22, 2019

Oh. OK. Cool.https://t.co/zyoqa3iTDh#KHOU11 #HTownRush #Facebook #cybersecurity

— Brandi Smith (@BrandiKHOU) March 22, 2019

Hundreds of millions of Facebook users had their passwords exposed by Facebook. Encryption wouldn’t fix that. https://t.co/Fd2D7ywOdz via @slate

— Adam Levin (@Adam_K_Levin) March 22, 2019

Hundreds of millions of Facebook users had their passwords exposed by Facebook. Encryption wouldn’t fix that. https://t.co/h5w9vaGkYX via @slate

— ↪ MAX EDGE ↩ (@maxedge051) March 21, 2019

Facebook stored users' unencrypted passwords open to thousands of its employees. https://t.co/dkhEaVtsac

— J Michael Waller ❌ (@JMichaelWaller) March 22, 2019

Exclusive: Facebook stored hundreds of millions of user passwords in plain text for years https://t.co/1iklirG5Hu pic.twitter.com/cmbpYmTrng

— briankrebs (@briankrebs) March 21, 2019

ソース読みました? 平文パスワードをあやまって「ログに」書いてたようですよ。FB のリリースでは hash + salt はちゃんとやってるとも書いてます。https://t.co/fYXx4yLc1Chttps://t.co/Cc9mTTowEu

— Satoshi Nakagawa (@Psychs) March 22, 2019

FB のパスワードの件、平文パスワードを「ログに」書いちゃってたと元ソースに書いてある。Techcrunch とかの記事、そこのところを押さえてなくてミスリーディングすぎる。https://t.co/fYXx4yLc1C

— Satoshi Nakagawa (@Psychs) March 22, 2019

“Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned.” https://t.co/82w28ulXIl

— Sarah Frier (@sarahfrier) March 21, 2019

sometimes you have to laugh because this is just so obscene@facebook engineers “uh, yeah, so like, let’s just log these passwords in this.txt file and put it over here. that sounds good.”

??https://t.co/WbYJtm48YS

— Meltem Demirors (@Melt_Dem) March 21, 2019

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security https://t.co/R7y75ROOXv pic.twitter.com/mrs9Z22OKR

— Quentin '?' ADAM (@waxzce) March 22, 2019

Just in case you are (stil???) using #Facebook: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years https://t.co/qrtgcn0Hl7#security #privacy #epicfail

— Nicolas Frankel (@nicolas_frankel) March 21, 2019

Facebook Stored Hundreds of Millions of User Passwords in the Clear. Facebook’s incompetence and recklessness seems to know no bounds.#CyberSecurity #Facebook https://t.co/PziI7XMMC3

— Richard A Clarke (@richardclarke) March 21, 2019

I built a custom content management system when I was 14 - a whole 19 years ago and it DID NOT store passwords as plaintext.

Facebook has 25k employees today. Passwords stored as plaintext is totally unacceptable.

Who is comfortable with Facebook?https://t.co/gwvQgHnDlK

— Mike Halvorsen (@mikehalvorsen) March 21, 2019

https://t.co/rNvQuc4KGG Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years. Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, …

— CryptoICT (by @bortseb) (@CryptoICT) March 22, 2019

1. This is a HUGE faceplant for FB's security & privacy practices. Letting plaintext passwords escape to logging systems is like forgetting to tie your shoes before running the 100 yard dash in the Olympics.https://t.co/xhIzgdmhzZ

— John Panzer (@jpanzer) March 22, 2019

If you haven't already heard, Facebook stored hundreds of millions of user passwords in plain text for years, @briankrebs reports. https://t.co/FQjKNDynK4#privacy
?????? pic.twitter.com/eEwhiGkutL

— linuxjournal (@linuxjournal) March 22, 2019

In what world does "hundreds of millions" mean "some"https://t.co/gMgDkF2RS9 pic.twitter.com/yKYnImiunX

— Ryan Mac (@RMac18) March 21, 2019

Facebookが顧客数億人分のパスワードを暗号化せず平文で保存し、ログによると約2000人の従業員がそれにアクセスしたという。このセキュリティ会社の報告にFacebookも事実を認めている。判っているだけで2012年から常態化しているようだ。情報を売るには必要なのかもしれない　https://t.co/jQBqU43iq2

— (ﾊﾞ°△°ﾛ)--花押 (@abribarreau) March 22, 2019

BREAKING: Facebook doesn't know how to handle your data or just doesn't fucking care about it...

...not that it should surprise you by now...

...and you still "tell" them more than you'd ever tell your doctor or therapist. ?https://t.co/Gw5TjKzwJ9

— Brian Sovryn Ω (@sovryntech) March 21, 2019

"My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords."https://t.co/DloFN15Av8

— Davide Balzarotti (@balzarot) March 22, 2019

in a statement about this gigantic fuckup https://t.co/RHSPQQcnGe Facebook refers to hundreds of millions of exposed user passwords as "some user passwords" in a PR post titled "Keeping Passwords Secure." Just incredible.

— Sam Biddle (@samfbiddle) March 21, 2019

John Nash and his mind are brought in to crack Facebook's advanced password encryption.https://t.co/LwS9QceyiA
Also on https://t.co/rooQoGbSk9#facebook #security #privacy #encryption #Crypto #ABeautifulMind #passwords pic.twitter.com/AgxM2CSC8r

— Jedi Cinememer (@Cinememer) March 22, 2019

Facebook admits storing millions of passwords in plain text - without encryption https://t.co/K5xDWZzmPW pic.twitter.com/iTKq8wRqrV

— Al Jazeera English (@AJEnglish) March 22, 2019

Facebook Discloses Flaw That Made Users' Passwords Visible to Employees https://t.co/TJbZ0J9d9q pic.twitter.com/3du8pnpuBa

— Evan Kirstel (@evankirstel) March 21, 2019

Facebook's reportedly been storing millions of user passwords in plain text since 2012 https://t.co/PDTKXS3qQ0

— TNW (@thenextweb) March 23, 2019

This is incredible news: Apparently, facebook stored millions of passwords in plain text. https://t.co/omqsbb5JsM In particular, given that they told us otherwise: https://t.co/uiqY26uUMT #nosecurity #passwordsecurity

— Raphael Reischuk (@raphaelreischuk) March 21, 2019

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security https://t.co/2j9zU5377o

— ぱんだ。®︎＞INFP (@splunkpanda) March 22, 2019

Changing my facebook password after this hack feels like a move the Facebook Growth team pulled out of thin air to get me to login again to their service: https://t.co/MwSiyjXP1a

— Miguel de Icaza @ GDC (@migueldeicaza) March 22, 2019

Alright everyone, reset the clocks. It has been ZERO days since a jaw-dropping Facebook privacy and security scandal. https://t.co/nWX8TguCDQ

— EFF (@EFF) March 21, 2019

"Facebook stored hundreds of millions of user passwords in plain text for years ... searchable by more than 20,000 Facebook employees"

Wat? https://t.co/t27HR6mZGz

— Wolfie Christl (@WolfieChristl) March 21, 2019

[#Privacy]

"Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years"

➡️https://t.co/4JFKf6b9Yf #cybersecurity #socialmedia

— Inès-Laura (@_InesLaura) March 22, 2019

Facebook admits storing millions of passwords without encryption - https://t.co/9LWIQH8xWX #GoogleAlerts

— Marc R Gagné MAPP ? (@OttLegalRebels) March 23, 2019