Facebook admits storing passwords in plain text
San Francisco, Mar 21: Facebook on Thursday admitted that millions of passwords were stored in plain text on its internal servers, a security slip that left them readable by the social networking giant's employees.
"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," vice president of engineering, security, and privacy Pedro Canahuati said in a blog post.
The blunder was uncovered during a routine security review early this year, according to Canahuati.
He said that the Silicon Valley company expected to notify hundreds of millions of Facebook Lite users; tens of millions of other Facebook users, and tens of thousands of Instagram users whose passwords may have been vulnerable to prying eyes.
The basic security shortcoming was revealed on the heels of a series of controversies centered on whether Facebook properly safeguards the privacy and data of its users.
The basic data defense mistake would also appear contrary to the "Hacker Way" mantra that Facebook co-founder Mark Zuckerberg has espoused at the social network.
"One Hacker Way" is the main address of Facebook's vast campus in the California city of Menlo Park.
Brian Krebs of security news website KrebsOnSecurity.com cited an unnamed Facebook source as saying the internal investigation had so far indicated that as many as 600 million users of the social network had account passwords stored in plain text files searchable by more than 20,000 employees.
The exact number has yet to be determined, but archives with unencrypted user passwords were found dating back to the year 2012, according to Krebs.
"We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way," Canahuati said.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Online fraud: Hotel chef from Udupi cheated of over Rs 1 lakh by WhatsApp contact
Udupi: Udupi City Police have registered a case of online fraud after a 62-year-old hotel chef was allegedly cheated of Rs 1.13 lakh by a woman who befriended him on WhatsApp, claiming to be based in London.
The victim, identified as Pandu Kariappa Poojary, a resident of Kuthpadi in Udupi, was working at a hotel in Mangaluru.
He reportedly came into contact with a woman identifying herself as Emilda William on WhatsApp. During their interactions, she told Poojary that she planned to start a cosmetics and hotel business in India and would meet him during a visit to Mangaluru.
On April 7, Emilda sent Poojary a flight ticket from London to Delhi via WhatsApp. The following day, Poojary received a phone call from a woman who informed him that Emilda had arrived at Delhi airport carrying a demand draft worth Rs 5 crore along with other items. The caller allegedly asked him to pay Rs 70,000.
Subsequently, Poojary also received a call from Emilda, who was reportedly crying and spoke about the situation. Believing the claims, he transferred a total of Rs 1,13,300 in phases using a scanner. He later realised that he had been cheated.
