Despite all the promises of privacy, Facebook is falling apart piece by piece.
The social network has suffered from bugs and breaches that compromised the information of millions of users and even interfered with elections.
Now, in another shocking case, a news outlet has revealed that the company had kept passwords of hundreds of millions of users in an unencrypted format for years.
Here are the details.
In a recent report, Krebs on Security cited a senior-level Facebook employee to confirm that the social network kept millions of user passwords in a readable text format.
Normally, passwords are stored only as one-way cryptographic hashes, so that the original password cannot be accessed or read.
But, in this case, a string of security errors associated with Facebook's products led to the passwords being logged internally.
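The failure mode described above (passwords written to internal logs instead of existing only as hashes), as an added example that is not from the article or from Facebook's code: a Python logging filter that scrubs password fields before a line reaches the log sink, next to salted scrypt storage. The field names, sample requests and scrypt parameters are assumptions.

```python
import hashlib
import hmac
import logging
import os
import re

# Field names treated as secrets (assumed; extend for your own request schema).
SECRET_FIELD = re.compile(
    r'("?(?:password|passwd|pwd)"?\s*[=:]\s*)("[^"]*"|[^\s&,}]+)', re.I)

def redact(text):
    return SECRET_FIELD.sub(r"\1[REDACTED]", text)

class RedactFilter(logging.Filter):  # scrubs the formatted message, args included
    def filter(self, record):
        record.msg, record.args = redact(record.getMessage()), ()
        return True

class ListHandler(logging.Handler):  # in-memory stand-in for a log sink
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def log_requests(lines):
    handler = ListHandler()
    handler.addFilter(RedactFilter())
    log = logging.getLogger("example.requests")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    for line in lines:
        log.info("request: %s", line)
    return handler.lines

def hash_password(password, salt=None):  # persist only (salt, digest)
    salt = salt or os.urandom(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

SAMPLE_REQUESTS = [  # constructed sample lines, not real traffic
    "POST /login user=alice&password=hunter2&lang=en",
    '{"user": "bob", "password": "s3cr3t pass", "device": "lite"}',
    "GET /feed user=alice",
]
if __name__ == "__main__":
    print("\n".join(log_requests(SAMPLE_REQUESTS)))
```

Attaching the filter to the handler means every record reaching that sink is scrubbed, whichever part of the code logged it.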
Following the shocking revelation, Facebook issued a statement confirming the issue.
The company didn't give exact numbers but said "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users" may have had their passwords exposed.
Meanwhile, the source speaking to Krebs said between 200 million and 600 million people may have been affected.
Facebook discovered the unencrypted password log as part of a routine security review in January.
Then, it patched the issues and started an investigation to understand the true scale of the exposure.
In its statement, the company claimed the passwords were not exposed to anyone outside of Facebook and there's no evidence that anyone on the inside had abused the access given inadvertently.
Even though the readable passwords were stored only on Facebook's internal servers, this is still a pretty big concern.
The company has more than 20,000 employees and access logs suggest that at least 2,000 of them (mostly engineers or developers) searched through the files containing passwords dating back to 2012.
These people made approximately 9 million queries, although their exact reason remains unclear.
"We've not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data," Facebook engineer Scott Renfro said, claiming that the passwords were unencrypted but there's no actual risk from it.