Blog
Today’s Facebook Fuck Up: They Were Storing Passwords in Plain-Text
Brian Krebs at KrebsOnSecurity:
Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
Woof. This absolutely sucks.
Typically, a company stores “hashed" versions of passwords, or passwords which are obscured in a database that the average employee could not decode or use. Apparently not so much for Zuckerberg.
In short, change your WhatsApp, Facebook, and Instagram passwords, toot sweet.
If I may shill for a second - this is why I use 1Password.
It saves your passwords for you, helps you generate lengthy, more secure passwords, works with browser extensions across your desktop and mobile devices, and even monitors when there are breaches on websites!
LastPass, DashLane and similar do similar things, but 1Password is my favorite. Can’t recommend it more, and no, I’m not being paid for that link. I wholeheartedly believe in it.
Thursday March 21, 2019