{"id":4330,"date":"2019-03-21T15:17:06","date_gmt":"2019-03-21T19:17:06","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4330"},"modified":"2019-03-21T15:17:06","modified_gmt":"2019-03-21T19:17:06","slug":"facebook-stored-hundreds-of-millions-of-passwords-in-plain-text","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/","title":{"rendered":"Facebook Stored Hundreds of Millions of Passwords in Plain Text"},"content":{"rendered":"<p style=\"text-align: justify\"><span style=\"font-weight: 400\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2464\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod.png\" alt=\"Facebook Stored Hundreds of Millions of Passwords in Plain Text\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod.png 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod-300x150.png 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod-768x384.png 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod-540x270.png 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod-162x81.png 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod-360x180.png 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>Today, cybersecurity blog <\/span><a href=\"https:\/\/krebsonsecurity.com\/2019\/03\/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">KrebsonSecurity<\/span><\/a><span style=\"font-weight: 400\"> revealed Facebook stored hundreds of millions of users\u2019 passwords in plain text. 
The social media giant <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/will-facebook-force-creation-u-s-national-privacy-law\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">came under fire<\/span><\/a><span style=\"font-weight: 400\"> recently for numerous cybersecurity and privacy issues. The Facebook Password Problem is just the latest scandal.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to Krebs, Facebook administrators put no encryption on the users\u2019 passwords. Up to 20,000 Facebook employees could search through the plain text at will. Moreover, around 2,000 programmers and developers performed searches through the unhashed passwords. KrebsonSecurity put the number of individuals affected at between 200 million and 600 million. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to an <\/span><a href=\"https:\/\/newsroom.fb.com\/news\/2019\/03\/keeping-passwords-secure\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">official blog post<\/span><\/a><span style=\"font-weight: 400\"> by Facebook, the company discovered the flaw in January during a regular security review and has since closed the vulnerability. 
Facebook did not confirm either the number of users affected or the number of employees with access to the plain text passwords. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Instead, the social media giant announced plans to alert all affected individuals. Additionally, Facebook stressed no one outside the company accessed the platform nor did anyone abuse the exposed passwords; users should not need to change their passwords, although they certainly can if they desire. <\/span><\/p>\n<h2 style=\"text-align: justify\"><b>Best Practices From the Facebook Password Problem<\/b><\/h2>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We\u2019ve written extensively on what enterprises can do <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/its-time-to-embrace-password-security-strategies\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">to improve<\/span><\/a><span style=\"font-weight: 400\"> their <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/how-password-security-can-improve-your-cloud-identity-management\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">password security<\/span><\/a><span style=\"font-weight: 400\">. However, we wanted to turn it over to Stephen Cox, Chief Security Architect of <\/span><a href=\"https:\/\/www.secureauth.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">SecureAuth<\/span><\/a><span style=\"font-weight: 400\">; he summarizes the best practices takeaways from the Facebook Password Problem succinctly: <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">&#8220;The discovery is just another indication that our continued reliance on passwords is not sustainable and fails consumers. 
Decades of experience shows us that the password is an archaic method of authentication, often not under the control of the user, and simply isn\u2019t enough to satisfy today\u2019s threat landscape. Not only are many organizations using poor hygiene when storing passwords, but a large portion of these passwords are also already widely available on the dark web due to previous massive breaches. The reality is that people reuse passwords across multiple websites and password leaks can have far-reaching consequences.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">With the trend of password leakage and the resulting credential misuse on the rise, organizations must evolve and adopt modern approaches to identity security, one that improves security posture but takes care to keep the user experience simple. We need to move beyond the password, and basic two-factor authentication methods, to modern adaptive risk-based approaches that leverage real-time metadata and threat detection techniques to improve end-user trust. The goal should be rendering stolen credentials useless to an attacker.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Thank you to Stephen Cox of <\/span><a href=\"https:\/\/www.secureauth.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">SecureAuth<\/span><\/a><span style=\"font-weight: 400\"> for his time and expertise!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, cybersecurity blog KrebsonSecurity revealed Facebook stored hundreds of millions of users\u2019 passwords in plain text. The social media giant came under fire recently for numerous cybersecurity and privacy issues. The Facebook Password Problem is just the latest scandal. \u00a0\u00a0 According to Krebs, Facebook administrators put no encryption on the users\u2019 passwords. 
Up to 20,000 [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2464,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6],"tags":[142,125,16,112,14,299,1108,62,76,118,145,30,91,90],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Facebook Stored Hundreds of Millions of Passwords in Plain Text<\/title>\n<meta name=\"description\" content=\"KrebsonSecurity revealed Facebook stored hundreds of millions of users\u2019 passwords in plain text. Here&#039;s what we can learn from the Facebook Password Problem\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/\",\"name\":\"Facebook Stored Hundreds of Millions of Passwords in Plain Text\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod.png\",\"datePublished\":\"2019-03-21T19:17:06+00:00\",\"dateModified\":\"2019-03-21T19:17:06+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"KrebsonSecurity revealed Facebook stored hundreds of millions of users\u2019 passwords in plain text. 
Here's what we can learn from the Facebook Password Problem\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod.png\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod.png\",\"width\":800,\"height\":400,\"caption\":\"Facebook Stored Hundreds of Millions of Passwords in Plain Text\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Facebook Stored Hundreds of Millions of Passwords in Plain Text\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Facebook Stored Hundreds of Millions of Passwords in Plain Text","description":"KrebsonSecurity revealed Facebook stored hundreds of millions of users\u2019 passwords in plain text. Here's what we can learn from the Facebook Password Problem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/","url":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/","name":"Facebook Stored Hundreds of Millions of Passwords in Plain Text","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod.png","datePublished":"2019-03-21T19:17:06+00:00","dateModified":"2019-03-21T19:17:06+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"KrebsonSecurity revealed Facebook stored hundreds of millions of users\u2019 passwords in plain text. 
Here's what we can learn from the Facebook Password Problem","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod.png","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/facebook-mod.png","width":800,"height":400,"caption":"Facebook Stored Hundreds of Millions of Passwords in Plain Text"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/facebook-stored-hundreds-of-millions-of-passwords-in-plain-text\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Facebook Stored Hundreds of Millions of Passwords in Plain Text"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4330"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4330"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4330\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/2464"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4330"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4330"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4330"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}