S—

Sun.Star Pampanga - - BUSINESS! -

AN FRAN­CISCO (AP)

Face­book left hun­dreds of mil­lions of user pass­words read­able by its em­ploy­ees for years, the com­pany ac­knowl­edged Thurs­day af­ter a se­cu­rity re­searcher ex­posed the lapse .

By stor­ing pass­words in read­able plain text, Face­book vi­o­lated fun­da­men­tal com­puter-se­cu­rity prac­tices. Those call for or­ga­ni­za­tions and web­sites to save pass­words in a scram­bled form that makes it al­most im­pos­si­ble to re­cover the orig­i­nal text.

“There is no valid rea­son why any­one in an or­ga­ni­za­tion, es­pe­cially the size of Face­book, needs to have ac­cess to users’ pass­words in plain text,” said cy­ber­se­cu­rity ex­pert An­drei Bary­se­vich of Recorded Fu­ture.

Face­book said there is no ev­i­dence its em­ploy­ees abused ac­cess to this data. But thou­sands of em­ploy­ees could have searched them. The com­pany said the pass­words were stored on in­ter­nal com­pany servers, where no out­siders could ac­cess them. Even so, some pri­vacy ex­perts sug­gested that users change their Face­book pass­words.

The in­ci­dent re­veals yet an­other huge and ba­sic over­sight at a com­pany that in­sists it is a re­spon­si­ble guardian for the per­sonal data of its 2.3 bil­lion users world­wide.

The se­cu­rity blog Kreb­sOnSe­cu­rity said Face­book may have left the pass­words of some 600 mil­lion Face­book users vul­ner­a­ble. In a blog post , Face­book said it will likely no­tify “hun­dreds of mil­lions” of Face­book Lite users, mil­lions of Face­book users and tens of thou­sands of In­sta­gram users that their pass­words were stored in plain text.

Face­book Lite is a ver­sion de­signed for peo­ple with older phones or lowspeed in­ter­net con­nec­tions. It is used pri­mar­ily in de­vel­op­ing coun­tries.

Last week, Face­book CEO Mark Zucker­berg touted a new ”pri­vacy-fo­cused vi­sion ” for the so­cial net­work that would em­pha­size pri­vate com­mu­ni­ca­tion over pub­lic shar­ing. ]

The com­pany wants to en­cour­age small groups of peo­ple to carry on en­crypted con­ver­sa­tions

Newspapers in English

Newspapers from Philippines

© PressReader. All rights reserved.