SAN FRANCISCO — Facebook said on Thursday that millions of user account passwords had been stored insecurely, potentially allowing employees to gain access to people’s accounts without their knowledge. The Silicon Valley company publicized the security failure around the same time that Brian Krebs, a cybersecurity writer, reported the password vulnerability. Mr. Krebs said an audit by Facebook had found that hundreds of millions of user passwords dating to 2012 were stored in a format known as plain text, which makes the passwords readable to more than 20,000 of the company’s employees. The security failure is another embarrassment for Facebook, a $470 billion colossus that employs some of the most sought-after cybersecurity experts in the industry. Last year, amid revelations that a political consulting firm improperly gained access to the data of millions, Facebook also revealed that an attack on its network had exposed the personal information of tens of millions of users.

Source: New York Times March 21, 2019 17:15 UTC