Tech analysts are scrutinizing Facebook after recent reports reveal the social media company left millions of passwords open to staff members.
Facebook violated fundamental computer-security practices, analysts say, after the company confirmed millions of passwords were readily available to staff. Basic security practices require organizations and websites hold sensitive information in a scrambled form that makes it virtually impossible to recover the original text.
“There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users’ passwords in plain text,” cybersecurity expert Andrei Barysevich told reporters. Facebook, meanwhile, said there is no evidence suggesting that employees abused the information. (RELATED: REPORT: Facebook Gave AI Control Of A Crucial Personal Data Collection Tool)
Other experts made similar points. Storing passwords in plain text is “unfortunately more common than most of the industry talks about,” Jake Williams, president of Rendition Infosec, told reporters. A Facebook blog post confirming the matter suggests the practice might have been “sanctioned,” he said, adding that it’s possible a “rogue development team” was responsible.
Facebook normally encodes passwords before storing them, the company noted Thursday in its blog post. Security researcher Rob Graham was skeptical. Facebook engineers apparently added code that defeated the safeguards, he told reporters. “They have all the proper locks on the doors, but somebody left the window open,” Graham said.
Facebook is pushing back against such speculations. A company representative told The Daily Caller News Foundation that such claims are “speculative and not supported by the investigation we have conducted since January.” In most cases the password information would not have been readily apparent to employees working on data sets where the information was present, the representative noted.
Reports of the lapse come less than a week after CEO Mark Zuckerberg announced March 6 that Facebook would begin shifting gears, moving from a social network to a platform where people communicate with smaller groups and their private content disappears shortly thereafter.
Facebook has been under fire since suspending data analytics firm Cambridge Analytica for reportedly working with President Donald Trump’s campaign team to gather private information in the runup to the 2016 presidential election. Zuckerberg also became $5 billion poorer in March 2018 as reports about Cambridge Analytica and other privacy data breaches began taking their toll.