Skip to comments.Facebook says it stored millions of passwords in plain text
Posted on 03/21/2019 12:17:25 PM PDT by bgill
Facebook said Thursday that it stored millions of its users' passwords in plain text for years. The acknowledgement from the social media giant came after a security researcher posted about the issue online. "Security rule 101 dictates that under no circumstances passwords should be stored in plain text, and at all times must be encrypted," said cybersecurity expert Andrei Barysevich of Recorded Future. "There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users' passwords in plain text." Facebook said there is no evidence its employees abused access to this data. But thousands of employees could have searched them. The company said the passwords were stored on internal company servers, where no outsiders could access them. But the incident reveals a huge oversight for the company amid a slew of bruises and stumbles in the last couple of years. The security blog KrebsOnSecurity said some 600 million Facebook users may have had their passwords stored in plain text.
(Excerpt) Read more at kvue.com ...
Facebook is run by liberals - they don’t give a damn about anyone’s security... Not ours - not even fellow liberals.
Wow, Facebook appears to have the award for sleazy untrustworthy employees.
Get to it, Google. You know you’re number 1.
But only conservatives!
In UNIX, /etc/passwd, was it? Maybe /etc/pwd? encrypts automatically.
(Sorry, I haven’t used UNIX in over 10 years...but I did use it quite a bit during the 1990’s and into the 2000’s).
My project is being delayed in order to absolutely encrypt and un-encrypt one field. Nothing moves forward til we get resources to assist us. That is insane to store it in simple text.
Bump and Amen!
Especially when you mistype a password when encrypting something. Been there, done that. Lost access, arghh!
It was /etc/passwd, and still is. And yes, the password has always been stored in a "hashed" format, with the old-style hash using a 56-bit DES encryption algorithm. But that was judged too easy to crack with modern techniques, and was replaced years ago by a variety of other more robust algorithms. Unix and Linux now store even the hashes in files that are unreadable by regular users (/etc/master.passwd, /etc/shadow).
I am unaware of any Unix (or Linux) system that stores passwords in plaintext, unless you go out of your way to specify that (I think openLDAP permits it but discourages it).
The jokers at Fakebook were either being monumentally stupid, or outright malicious. Your choice.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.