After nearly two years of problems because of Facebook’s failure to protect the personal data of users, Facebook still continues to have problems.
The social network admitted that some user passwords were stored in text format, without encryption and they were easily accessible to anyone who knew where to look. Right now Facebook does not mention how many users were affected by this problem but estimates made by specialists indicate that the number of users who’s passwords were stored in text format is somewhere between 200 and 600 million.
According to Kerbs on Security, Facebook has been storing passwords in text format on the company’s servers ever since 2012. This happened because the access apps that were using the Facebook platform had, their history being recorded without encryption. Right now there is no evidence that the data were accessed by someone or not, but simply storing passwords in a text format raises a lot of questions about how Facebook handles data security.
Scott Renfro, software engineer at Facebook says that users affected by this will not be encouraged to change their passwords. Only users who noticed suspicious activity should change their password but the risk is very small, according to Renfro. It appears that Facebook discovered this problem in January of last year but it was revealed only now.
Facebook will publish an official report in the near future but most likely Facebook will try to hide the precise number of accounts that were vulnerable because the passwords associated with the accounts were stored in text format.