A Facebook, Instagram bug exposed millions of passwords to its employees

facebook instagram bug exposed passwords facebookpasswordbreach
Facebook

Facebook software meant to disguise user passwords from employee access failed, leaving millions of passwords visible to the network’s employees,  the company said on Thursday, March 21. The network said the bug was discovered in a routine review in January and has since been corrected. The bug exposed passwords for users on Facebook, Facebook Lite, and Instagram.

Facebook hasn’t found any evidence that the passwords were compromised externally — the bug only exposed plain text passwords for the company’s employees, according to Facebook. The company also said they haven’t found evidence of internal employees abusing the information. Facebook didn’t say why it delayed telling users after finding the bug in January.

Passwords on Facebook are meant to be encrypted. The network hashes the password, allowing the system to recognize the correct password without storing the data in plain text. To employees working on Facebook’s backend, passwords should look like jumbled characters that can’t be reverse engineered to display the actual password.

Facebook says they will notify the users that were affected by the bug. The company estimates hundreds of millions of Facebook Lite users were affected, the lightweight Facebook app designed for slower connections. Tens of millions of other Facebook users could also have compromised passwords, along with tens of thousands of Instagram users.

Facebook says that hashing is used with other procedures for password protection, like recognizing when a user signs in with a different device and prompting verification. The network says that they also check for other password breaches since users sometimes use the same passwords across multiple websites.

“In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them,” Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy, wrote in a blog post. “There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook.”

Facebook says concerned users can reset their password for both Facebook and Instagram inside the settings for each account. The company also suggests using security keys and two-factor authentication. (Facebook, however, will use your phone number for more than two-factor authentication, so we recommend using a third-party authentication app instead of a phone number.)

For Facebook, the password bug is just another bullet point in the network’s growing list of data issues following the Cambridge Analytica scandal. CEO Mark Zuckerberg recently shared his vision for moving toward a more privacy-focused network following the increased scrutiny over the company’s data practices.

Mobile

Huawei's situation in the U.S. may improve when trade war is resolved

The U.S. Commerce Department has added Huawei to its "Entity List." Google, Intel, and ARM are all confirmed or rumored to be ceasing business with the company, which may have disastrous effects on Huawei.
Social Media

Facebook gets a bad rap, former exec says, but we should break it up anyway

The rise of hate speech, the trolling, the comment on Facebook? Not Facebook's fault, says Alex Stamos, the social network's former chief security officer. But the site should still be broken up, he says.
Social Media

Millions of Instagram influencers reportedly had private data exposed online

As many as 49 million Instagram influencers have reportedly had their private data exposed in an online database that had no password protection. The database was apparently created by a marketing firm and has been taken offline.
Digital Trends Live

Digital Trends Live: Google and Huawei, Alphabet’s meatball drones, and more

On Monday's episode of DT Live, we discuss the ongoing battle between Google and Huawei, Alphabet’s meatball-delivering drones, Facebook’s secret robot division, deepfake Joe Rogan, and more.
Social Media

Instagram ditches plans for stand-alone Direct messaging app

Instagram is shuttering it's stand-alone messaging app, Direct, after testing it since 2017. While the messaging features remain intact inside Instagram, the separate app will be discontinued in the next few weeks.
Social Media

6 easy ways to archive all of your favorite Instagram videos

Saving Instagram videos should be just as easy as taking a screenshot. So, we've put together a list of the best apps and tools that save your favorite Instagram videos onto your phone or computer.
Social Media

Instagram’s new Explore grid tempts you to open your wallet

Instagram has made some changes to its Explore tab that might tempt you into the occasional shopping spree. It's also planning to add Stories to the grid, mixing them up with the existing photos and videos.
Social Media

Be the master of your own Insta-verse with multiple Instagram accounts

Whether you own a small business or have separate Instagram accounts for your five cats, we'll walk you through the process of switching between your multiple accounts on your Apple or Android devices.
Social Media

A fond farewell to Grumpy Cat, the internet’s most famous feline

We say farewell and fondly remember Grumpy Cat, the internet's famous frowning feline and a genuine sweetheart, who died at the age of seven. Even tempered and tolerant, Grumpy Cat was in real life the opposite of her online persona.
Mobile

Treat your selfie with one of these 13 apps made to beautify your pics

Selfies might be a phenomenon second only to karaoke, but they're not the easiest thing in the world to create. Thankfully, these awesome selfie apps for Android and iOS will make beautifying your self-portraits easier than capturing them.
Web

Creators of WhatsApp attack software face lawsuit from Amnesty International

This week a spyware attack was launched on WhatsApp. Now the Israeli firm linked to that attack is facing a lawsuit from human rights NGO Amnesty International, alleging their software has been used to surveil human rights defenders.
Mobile

New York could dish out fines for texting while crossing the street

Do you text on your phone while crossing the street? The dangers of stepping out in front of a car or bus are obvious, but in New York, offenders could soon face a fine of as much as $250, too.
Social Media

Help wanted: British royal family seeks social media wiz to run its accounts

The British royal family is looking for a social media expert to help it communicate its role and activities to the masses. So if you like the idea of having the Queen as your boss, why not throw your hat in the ring?
Social Media

Twitter co-founder Ev Williams still wants to save the world

Social media is evil, leading to a mental health crisis in Gen Z and a rise in hate speech. But there’s light at the end of the tunnel, says Ev Williams, the co-founder of Twitter. But weaning ourselves off today's social media won't be…