
Facebook employees had access to the passwords of Facebook and Instagram users.

A new scandal over privacy and the protection of personal data has erupted around Facebook and Instagram.


Yesterday, a post on the official Facebook blog stated that during a routine security review of the social network, experts discovered an internal vulnerability because of which the passwords of Facebook and Instagram users were stored unprotected and could be viewed by the social network's employees.

According to Pedro Canahuati, a high-ranking Facebook employee responsible for security and privacy, this internal vulnerability has already been “eliminated”, and users whose passwords may have been compromised will “be alerted”.

Pedro Canahuati also mentions that "login systems are designed in such a way that they mask passwords using technologies that make them unreadable." A good explanation from a highly qualified specialist who is the face of the world's largest corporation?
In the publication, Pedro Canahuati stressed that these passwords "were never visible to anyone outside Facebook" and there was no evidence that anyone had "abused access to this data."

However, failing to find evidence of abuse does not rule out that abuse took place. And it would be strange for Facebook to acknowledge such facts publicly even if an internal investigation had confirmed them. An attempt to save face in that case would look even more strained.


The same Pedro Canahuati, who could have seen your password, among others.

Facebook officials and Pedro Canahuati are obviously being disingenuous. A few days ago, information about the internal vulnerability was published on KrebsOnSecurity, a blog dedicated to information security.

The public learned the sad facts of a large corporation's neglect of user password security thanks to an insider at Facebook, according to whom the passwords had been stored unprotected since 2012. According to the insider, Facebook was aware of this vulnerability. The KrebsOnSecurity publication also states that "200-600 million Facebook users were compromised because their passwords were stored in the clear and more than 20,000 Facebook employees had access to them."

No further comments from Facebook representatives followed. Another Facebook employee named Scott Renfro, who was interviewed by journalists at the KrebsOnSecurity blog, refused to talk about the scale of compromised accounts and the number of employees who could access user passwords.

What matters in this whole story is that the information about the internal vulnerability was published on the Facebook blog a few days after the “inconvenient” insider leak appeared on the KrebsOnSecurity blog.

This whole story raises a few questions:

  1. Did Facebook really take action to fix the vulnerability?
  2. Didn’t anyone with access to social networks really have access to passwords?
  3. Are all users whose passwords have been compromised?
  4. Should we again expect such news about a corporation that has repeatedly neglected the privacy of users?
  5. Will Facebook search for an insider employee who has caused significant damage to the company's business reputation and revealed information about the existence of a vulnerability?
  6. Do employees of Russian social networks have unofficial (not a bug, but a feature) access to user passwords?

Source: https://habr.com/ru/post/444766/

