Peter OfEngland Published on Mar 9, 2019 We announce the opening of Class Action Law Suit v Facebook/Lifelog/Mark Zuckerberg for regions USA -Europe – Asia Pacific Action for damages sought – $1 trillion dollars Estimated Payout – FB Class Action (1) Group of Plaintiffs between 100,000 – 250,000 ($10 million to $4 Million per […]
Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for “hundreds of millions” users in plaintext.
What’s more? Not just Facebook, Instagram users are also affected by the latest security incident.
So, if you are one of the affected users, your Facebook or Instagram password was readable to some of the Facebook engineers who have internal access to the servers and the database.
Though the social media company did not mention exactly what component or application on its website had the programmatic error that caused the issue, it did reveal that the company discovered the security blunder in January this year during a routine security check.
In a blog post published today, Facebook’s vice president of engineering Pedro Canahuati said an internal investigation of the incident found no evidence of any Facebook employee abusing those passwords.
“To be clear, these passwords were never visible to anyone outside of Facebook, and we have found no evidence to date that anyone internally abused or improperly accessed them,” Canahuati said.
Canahuati didn’t mention the exact number of users affected by the glitch, but confirmed that the company would start notifying its “hundreds of millions of affected Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
- How to Stop Facebook From Tracking Your Location in the Background
- How to Enable Secure Logins On Facebook Using FIDO U2F Security Keys
- Facebook Offering $40,000 Reward If You Find Evidence of Data Leaks
Facebook has now fixed this issue and recommended users to change their Facebook and Instagram passwords immediately.
“In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them.”
Besides this, all Facebook and Instagram users are always highly recommended to enable two-factor authentication, login alert feature, use a secure VPN software, password manager, and physical security keys to protect their accounts from various type of sophisticated cyber attacks.
This is yet another security incident for Facebook. In October last year, Facebook announced its worst-ever security breach that allowed hackers to successfully steal secret access tokens and access personal information from 29 million Facebook accounts.
However, Facebook is not alone that exposed hundreds of millions of its users’ passwords in plain text. Twitter last year also addressed a similar security incident that unintentionally exposed passwords for its 330 million users in readable text on its internal computer system.
Merging Facebook Messenger, WhatsApp, and Instagram: a technical, reputational hurdle
Posted: February 7, 2019 by davidruiz
Secure messaging is supposed to be just that—secure. That means no backdoors, strong encryption, private messages staying private, and, for some users, the ability to securely communicate without giving up tons of personal data.
So, when news broke that scandal-ridden, online privacy pariah Facebook would expand secure messaging across its Messenger, WhatsApp, and Instagram apps, a broad community of cryptographers, lawmakers, and users asked: Wait, what?
Not only is the technology difficult to implement, the company implementing it has a poor track record with both user privacy and online security.
On January 25, the New York Times reported that Facebook CEO Mark Zuckerberg had begun plans to integrate the company’s three messaging platforms into one service, allowing users to potentially communicate with one another across its separate mobile apps. According to the New York Times, Zuckerberg “ordered that the apps all incorporate end-to-end encryption.”
The initial response was harsh.
Abroad, Ireland’s Data Protection Commission, which regulates Facebook in the European Union, immediately asked for an “urgent briefing” from the company, warning that previous data-sharing proposals raised “significant data protection concerns.”
In the United States, Democratic Senator Ed Markey for Massachusetts said in a statement: “We cannot allow platform integration to become privacy disintegration.”