Facebook admits storing passwords in plain text
San Francisco, Mar 21: Facebook on Thursday admitted that millions of passwords were stored in plain text on its internal servers, a security slip that left them readable by the social networking giant's employees.
"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," vice president of engineering, security, and privacy Pedro Canahuati said in a blog post.
The blunder was uncovered during a routine security review early this year, according to Canahuati.
He said that the Silicon Valley company expected to notify hundreds of millions of Facebook Lite users; tens of millions of other Facebook users, and tens of thousands of Instagram users whose passwords may have been vulnerable to prying eyes.
The basic security shortcoming was revealed on the heels of a series of controversies centered on whether Facebook properly safeguards the privacy and data of its users.
The basic data defense mistake would also appear contrary to the "Hacker Way" mantra that Facebook co-founder Mark Zuckerberg has espoused at the social network.
"One Hacker Way" is the main address of Facebook's vast campus in the California city of Menlo Park.
Brian Krebs of security news website KrebsOnSecurity.com cited an unnamed Facebook source as saying the internal investigation had so far indicated that as many as 600 million users of the social network had account passwords stored in plain text files searchable by more than 20,000 employees.
The exact number has yet to be determined, but archives with unencrypted user passwords were found dating back to the year 2012, according to Krebs.
"We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way," Canahuati said.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
US SEC summons Gautam Adani, nephew Sagar in bribery case
New York (PTI): Adani group founder and chairman Gautam Adani and his nephew Sagar have been summoned to explain their stand on the US Securities and Exchange Commission (SEC) allegation of paying USD 265 million (Rs 2,200 crore) in bribes to secure lucrative solar power contracts.
Summons have been sent to Adani's Shantivan Farm residence in Ahmedabad and his nephew Sagar's Bodakdev residence in the same city for a reply to SEC within 21 days.
"Within 21 days after service of this summons on you (not counting the day you received it)...you must serve on the plaintiff (SEC) an answer to the attached complaint or a motion under Rule 12 of the Federal Rules of Civil Procedure," said a November 21 notice sent through the New York Eastern District Court.
"If you fail to respond, judgment by default will be entered against you for the relief demanded in the complaint. You also must file your answer or motion with the court," it added.
Gautam Adani, 62, and seven other defendants, including his nephew Sagar, who is a director at the group's renewable energy unit Adani Green Energy Ltd, allegedly agreed to pay about USD 265 million in bribes to Indian government officials between approximately 2020 and 2024 to obtain lucrative solar energy supply contracts on terms that expected to yield USD 2 billion of profit over 20 years, according to an indictment unsealed in a New York court on Wednesday.
Separate from the indictment brought by the US Department of Justice, the US SEC has also charged the two and Cyril Cabanes, an executive of Azure Power Global, for "conduct arising out of a massive bribery scheme".
The ports-to-energy conglomerate has denied the allegations and said it will seek all possible legal resources.
"The Adani Group has always upheld and is steadfastly committed to maintaining the highest standards of governance, transparency and regulatory compliance across all jurisdictions of its operations. We assure our stakeholders, partners and employees that we are a law-abiding organisation fully compliant with all laws."
An indictment in the US is basically a formal written allegation originating with a prosecutor and issued by a grand jury against a party charged with a crime. A person indicted is given formal notice to reply.
That person or persons can then hire a defence lawyer to defend.
Prosecutors said the investigation started in 2022 and found the inquiry obstructed.
They also allege that the Adani Group raised USD 2 billion in loans and bonds, including from US firms, on the backs of false and misleading statements related to the firm's anti-bribery practices and policies, as well as reports of the bribery probe.
"As alleged, the defendants orchestrated an elaborate scheme to bribe Indian government officials to secure contracts worth billions of dollars and... lied about the bribery scheme as they sought to raise capital from U.S. and international investors," US Attorney Breon Peace said in a statement announcing the charges on Wednesday.
"My office is committed to rooting out corruption in the international marketplace and protecting investors from those who seek to enrich themselves at the expense of the integrity of our financial markets."
