Facebook admits to store the passwords of millions of users unencrypted on its internal servers. Allegedly, however, unauthorized persons had no access to the information.
Passwords of many millions of Facebook users have been accessible to employees of the online network in plain text. "We expect to notify hundreds of millions of Facebook Lite users, tens of millions more Facebook users, and tens of thousands of Instagram users," the company said. Facebook has no evidence that anyone has abused it internally, it said. The passwords were also not visible to anyone outside the company.
The affected users are still to be notified "as a precaution", although there is no evidence of misuse of the data. The passwords should also have been unrecognizable internally. The error was noticed during a routine check in January. It has since been corrected - Facebook did not specify exactly when.
βοΈMore than 20,000 employees had access
Facebook Lite is a slimmed-down version for users of the online network in regions with slow Internet lines. Just before the Facebook release, IT security expert Brian Krebs reported on the case in his blog. He wrote, citing an unnamed Facebook insider, that more than 20,000 employees of the online network could have had access to the passwords stored in plain text.
A total of 200 to 600 million Facebook users could be affected. The archive files with unveiled passwords were back to 2012, according to Krebs. According to log data, about 2000 developers had made about nine million internal queries for data elements that contained unprotected passwords, the security expert wrote, citing the company insider. Facebook initially did not provide any information.
https://www.n-tv.de/20921959
π‘ @NoGoolag
#DeleteFacebook #why #passwords #plaintext
Passwords of many millions of Facebook users have been accessible to employees of the online network in plain text. "We expect to notify hundreds of millions of Facebook Lite users, tens of millions more Facebook users, and tens of thousands of Instagram users," the company said. Facebook has no evidence that anyone has abused it internally, it said. The passwords were also not visible to anyone outside the company.
The affected users are still to be notified "as a precaution", although there is no evidence of misuse of the data. The passwords should also have been unrecognizable internally. The error was noticed during a routine check in January. It has since been corrected - Facebook did not specify exactly when.
βοΈMore than 20,000 employees had access
Facebook Lite is a slimmed-down version for users of the online network in regions with slow Internet lines. Just before the Facebook release, IT security expert Brian Krebs reported on the case in his blog. He wrote, citing an unnamed Facebook insider, that more than 20,000 employees of the online network could have had access to the passwords stored in plain text.
A total of 200 to 600 million Facebook users could be affected. The archive files with unveiled passwords were back to 2012, according to Krebs. According to log data, about 2000 developers had made about nine million internal queries for data elements that contained unprotected passwords, the security expert wrote, citing the company insider. Facebook initially did not provide any information.
https://www.n-tv.de/20921959
π‘ @NoGoolag
#DeleteFacebook #why #passwords #plaintext
Firefox Lockbox launches on Android to keep passwords safe
https://www.xda-developers.com/firefox-lockbox-android
#passwords #firefox #ff #lockbox
https://www.xda-developers.com/firefox-lockbox-android
#passwords #firefox #ff #lockbox
xda-developers
Firefox Lockbox launches on Android to keep passwords safe
Firefox Lockbox has a strong integration and synchronization capabilities with the company's own browser, Mozilla Firefox.
Google Has Stored Some Passwords in Plaintext Since 2005
https://www.wired.com/story/google-stored-gsuite-passwords-plaintext
#gsuit #google #passwords #why
https://www.wired.com/story/google-stored-gsuite-passwords-plaintext
#gsuit #google #passwords #why
Wired
Google Has Stored Some Passwords in Plaintext Since 2005
On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugsβone of which lasted 14 years.
Google says it stored some G Suite passwords in unhashed form for 14 years
https://www.zdnet.com/article/google-says-it-stored-some-g-suite-passwords-in-unhashed-form-for-14-years
#gsuit #google #passwords #why
https://www.zdnet.com/article/google-says-it-stored-some-g-suite-passwords-in-unhashed-form-for-14-years
#gsuit #google #passwords #why
ZDNet
Google says it stored some G Suite passwords in unhashed form for 14 years
G Suite passwords were encrypted when stored on disk, so, at least, they weren't stored in plaintext.
Google announces authentication to its web-based services in chrome for Android using a fingerprint instead of traditional passwords and the feature called FIDO2
https://gbhackers.com/fingerprint
https://www.xda-developers.com/android-fido2-certified-passwordless-access
#google #fp #fingerprint #autentification #passwords
https://gbhackers.com/fingerprint
https://www.xda-developers.com/android-fido2-certified-passwordless-access
#google #fp #fingerprint #autentification #passwords
Forwarded from BlackBox (Security) Archiv
PWDB - New generation of Password Mass-Analysis
One out of every 142 passwords is '123456'
The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, on one of the biggest password re-use studies of its kind.
ππΌ PWDB - New generation of Password Mass-Analysis
https://github.com/FlameOfIgnis/Pwdb-Public
ππΌ Read more:
https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/
#passwords #study #analysis
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@NoGoolag
π‘@BlackBox
One out of every 142 passwords is '123456'
The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, on one of the biggest password re-use studies of its kind.
ππΌ PWDB - New generation of Password Mass-Analysis
https://github.com/FlameOfIgnis/Pwdb-Public
ππΌ Read more:
https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/
#passwords #study #analysis
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@NoGoolag
π‘@BlackBox
GitHub
GitHub - ignis-sec/Pwdb-Public: A collection of all the data i could extract from 1 billion leaked credentials from internet.
A collection of all the data i could extract from 1 billion leaked credentials from internet. - ignis-sec/Pwdb-Public