Let’s spin Facebook’s Wheel of Misfortune! Clack-clack-clack… clack… You’ve won ‘100s of millions of passwords stored in plaintext’
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Credits: The Register
Facebook today admitted it stored “some” of its addicts’ account passwords in a plaintext readable format. For “some”, read hundreds of millions.
The antisocial network quietly made the mea culpa in a statement that followed its breathless announcement of the Oculus Rift S Virtual Reality headset. The password snafu confession was, as far as we can tell, forthcoming from the Silicon Valley giant only after investigative journalist Brian Krebs blew the lid off the blunder.
Facebook said it realized its error in January, during a security review, and discreetly fixed the problem. Affected users can expect to receive a notification, although the Mark-Zuckerberg-run biz did not state if they would be required to change their password.
Keen to downplay the screw-up, Facebook protested that “these passwords were never visible to anyone outside of Facebook.” And as for insiders getting their hands on the credentials? In a not-very-reassuring statement, the creepy ad-slinger asserted: “We have found no evidence to date that anyone internally abused or improperly accessed them.”
The snafu affects hundreds of millions of Facebook Lite fans, tens of millions of other Facebook account holders, and tens of thousands of Instagrammers – somewhere between 200 and 600 million total, according to Krebs’ sources’ estimates.
As users logged in, their passwords were stored in a readable format that could be accessed via internal systems. Basically, it logged the credentials in plaintext, and Facebook engineers were allowed to peruse those logs while looking for bugs and faults, though we’re assured no one did anything bad with the sensitive data. This is the same biz that this month lied about how many teens were using its market-research-slash-surveillance app, and has repeatedly lied in the past, so take the statement with a pinch of salt.
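The failure described above, a login path that writes credentials into logs engineers can read, can be blunted by scrubbing secret fields at the log handler. The following Python is an added example, not code from Facebook or from the original article; the field list, logger names and sample requests are constructed for illustration.

```python
import io
import logging
import re

# Field names treated as secrets (assumed list; extend for your own schema).
SENSITIVE_KEYS = ("password", "passwd", "pass", "pwd", "secret", "token")

# key=value (form style) or "key": "value" (JSON style). A quoted value is
# consumed up to its closing quote so a password with spaces is not half-leaked.
_PATTERN = re.compile(
    r'(?i)(["\']?\b(?:%s)\b["\']?\s*[=:]\s*)'
    r'(?:"(?:[^"\\]|\\.)*"|[^&\s,}"]+)' % "|".join(SENSITIVE_KEYS)
)


def redact(text: str) -> str:
    """Replace the value of every sensitive field with a fixed marker."""
    return _PATTERN.sub(r"\1[REDACTED]", text)


class RedactSecrets(logging.Filter):
    """Scrub the fully formatted message before the handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # message is already formatted
        return True


def demo():
    """Log the same constructed login requests without and with the filter."""
    form_body = "user=alice&password=hunter2&remember=1"  # constructed sample
    json_body = '{"user": "bob", "password": "s3cr3t!"}'   # constructed sample
    outputs = []
    for hardened in (False, True):
        buf = io.StringIO()
        log = logging.getLogger("login.hardened" if hardened else "login.plain")
        log.setLevel(logging.DEBUG)
        log.propagate = False
        handler = logging.StreamHandler(buf)
        if hardened:
            handler.addFilter(RedactSecrets())
        log.addHandler(handler)
        log.debug("login request body=%s", form_body)
        log.debug("login request json=%s", json_body)
        log.removeHandler(handler)
        outputs.append(buf.getvalue())
    return outputs[0], outputs[1]
```

Pattern-based redaction is a backstop; the stronger control is never handing raw request bodies to the logger in the first place.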
Facebook Lite is the lower-bandwidth version of the platform, ideal for regions without the greatest connectivity. Such as, er, chunks of rural Blighty, for example.
We asked the snuff-flick slinger how long it had been storing passwords in this way, how many employees had access to the data and what controls it had in place to stop the data leaving its hallowed halls. Facebook has yet to reply. We understand at least some of the passwords were logged as early as 2012.
It has not been a great week for the social media giant, coming hot on the heels of an impressive 14-hour outage following a mystery “configuration change” and a quiet shuffling of feet and staring at shoes regarding its ad targeting system and discrimination.
The megacorp has the usual perfunctory advice for those twitchy about security, including not reusing passwords over multiple systems and picking strong and complex character combinations. It also suggests that two-factor authentication could be used.
Or just don’t use the thing at all. There’s a thought.
And as for the idiot visor announced yesterday, with a resolution quite some way behind HP’s Reverb device, which also debuted this week, we suspect that the “S” in Oculus Rift S stands for the same word users will utter when they get their password notification.
Spoiler: it isn’t “Super”.