Facebook left millions of passwords readable by employees

Sun.Star Pampanga - BUSINESS!

that neither Facebook nor any other outsider can read.

The fact that the company couldn’t manage to do something as simple as encrypting passwords, however, raises questions about its ability to manage more complex encryption issues — such as in messaging — flawlessly.

Facebook said it discovered the problem in January. But security researcher Brian Krebs wrote that in some cases the passwords had been stored in plain text since 2012. Facebook Lite launched in 2015 and Facebook bought Instagram in 2012.

The problem, according to Facebook, wasn’t due to a single bug. During a routine review in January, it says, it found that the plain text passwords were unintentionally captured and stored in its internal storage systems. This happened in a variety of circumstances — for example, when an app crashed and the resulting crash log included a captured password.

But Alex Holden, the founder of Hold Security, said Facebook’s explanation is not an excuse for sloppy security practices that allowed so many passwords to be exposed internally.

Recorded Future’s Barysevich said he could not recall any major company caught leaving so many passwords exposed.

He said he’s seen a number of instances where much smaller organizations made such information readily available — not just to programmers but also to customer support teams.
