A Facebook, Instagram bug exposed millions of passwords to its employees

facebook instagram bug exposed passwords facebookpasswordbreach
Facebook

Facebook software meant to disguise user passwords from employee access failed, leaving millions of passwords visible to the network’s employees,  the company said on Thursday, March 21. The network said the bug was discovered in a routine review in January and has since been corrected. The bug exposed passwords for users on Facebook, Facebook Lite, and Instagram.

Facebook hasn’t found any evidence that the passwords were compromised externally — the bug only exposed plain text passwords for the company’s employees, according to Facebook. The company also said they haven’t found evidence of internal employees abusing the information. Facebook didn’t say why it delayed telling users after finding the bug in January.

Passwords on Facebook are meant to be encrypted. The network hashes the password, allowing the system to recognize the correct password without storing the data in plain text. To employees working on Facebook’s backend, passwords should look like jumbled characters that can’t be reverse engineered to display the actual password.

Facebook says they will notify the users that were affected by the bug. The company estimates hundreds of millions of Facebook Lite users were affected, the lightweight Facebook app designed for slower connections. Tens of millions of other Facebook users could also have compromised passwords, along with tens of thousands of Instagram users.

Facebook says that hashing is used with other procedures for password protection, like recognizing when a user signs in with a different device and prompting verification. The network says that they also check for other password breaches since users sometimes use the same passwords across multiple websites.

“In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them,” Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy, wrote in a blog post. “There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook.”

Facebook says concerned users can reset their password for both Facebook and Instagram inside the settings for each account. The company also suggests using security keys and two-factor authentication. (Facebook, however, will use your phone number for more than two-factor authentication, so we recommend using a third-party authentication app instead of a phone number.)

For Facebook, the password bug is just another bullet point in the network’s growing list of data issues following the Cambridge Analytica scandal. CEO Mark Zuckerberg recently shared his vision for moving toward a more privacy-focused network following the increased scrutiny over the company’s data practices.

Social Media

Facebook says it unintentionally uploaded email contacts of 1.5 million users

Facebook says that over the last two years it unintentionally uploaded the email contacts of 1.5 million users as they signed up to the social networking service. The process has ended and the email addresses are being deleted.
Digital Trends Live

Digital Trends Live: Facebook data security, Ubisoft helps Notre Dame, and more

Join DT Live as we discuss Facebook security issues, Ubisoft's plan to help rebuild Notre Dame, and more. We are also joined by Emily Teteut of Snap the Gap, Jennifer Sendrow of New York Public Radio, and DJ and producer Zeke Thomas.
Digital Trends Live

Digital Trends Live: Samsung Galaxy Fold woes, zombie pigs, and more

Today's topics: Samsung Galaxy Fold, Facebook A.I. voice assistants, YouTube comes to Fire TV, facial recognition on airline flights, the SpaceX DART program, Yale's zombie pigs, and much more!
Smart Home

Oh, Zuck, no! Facebook rumored to be creating a voice assistant to rival Alexa

Facebook hasn't been a big player in the smart speaker market, but that may be changing: The social media giant is reportedly working on a digital assistant to compete against Alexa and others.
Social Media

How to download Instagram Stories on iOS, Android, and desktop

Curious about how to save someone's Instagram Story to your phone? Lucky for you, it can be done -- but it does take a few extra steps. Here's what you need to know to save Instagram Stories on both iOS and Android.
Social Media

Facebook, Instagram, and WhatsApp went down worldwide for 2 hours this morning

Chaos erupted on the internet this morning, as Facebook, Instagram, and Whatsapp all went down from 6:30 a.m. to approximately 9 a.m. Thousands of users were unable to access the sites or send or receive Whatsapp messages.
Mobile

Skype screen sharing for mobile will let you share your swipes on dating apps

Skype is prepping the launch of screen sharing for mobile so you can share your swipes on dating apps, shop with buddies, or, perhaps, show a PowerPoint presentation to coworkers. It's in beta just now, but anyone can try it.
Social Media

Facebook toys with mixing Stories and News Feed into one swipeable carousel

Facebook's News Feed could look a lot like Stories if a prototype the social media giant is working on rolls out to users. The design change mixes Stories and News Feed posts into a full-screen slideshow that users swipe left to navigate.
Social Media

No more moon showers as Facebook Messenger’s dark mode gets official rollout

Facebook Messenger launched a dark mode last month, but to activate it you had to message the crescent moon to someone. Now it's been rolled out officially, and it can be accessed in a far more sensible way — via settings.
News

Twitter has revealed a launch date for its handy hide replies features

Twitter has revealed a launch date for a feature that lets users hide replies to their tweets. The hope is that it will help the original poster filter out offensive or irrelevant content from conversation threads.
Photography

After controversial video, China bans ‘Leica’ on social media

A video that referenced Tiananmen Square got the name of the camera company Leica banned from the social media platform Weibo. Leica says the video wasn't an officially sanctioned promotion.
Photography

Photography News: Instagram’s disappearing likes, the best photos of the year

In this week's Photography News, see why Instagram is testing a version that excludes the number of likes a post gets. Also, see the impressive winners from two photography contests and the latest features coming to the Fujifilm X-T3.
Photography

Earn more likes on your photos with the best cameras for Instagram

Looking to snap better Instagrams? Instagram doesn't demand high-resolution files, but upgrading your camera can deliver better bokeh and low-light quality. Here our the best cameras for Instagram.
Social Media

Vine co-founder launches beta test for new video-looping app Byte

Vine co-founder Dom Hofmann has finally launched the beta version of Byte, a new video-looping app expected to closely resemble the one that closed down in 2017 after owner Twitter withdrew support.