An updated entry made yesterday to a post on the Facebook blog (via TechCrunch) reveals that the company left millions
of Instagram passwords in a "readable format." Originally, Facebook
said that "tens of thousands" of Instagram customers were involved.
Facebook says that normally its login systems are designed to "mask
passwords using techniques that make them unreadable."
The good news is, if you believe Facebook, its investigation has shown that
no one from inside or outside the company accessed these passwords. Of
course, since Facebook updated its original blog post after one month,
increasing the number of passwords affected, who knows what they might
say in another month?
"In line with security best practices, Facebook masks people’s passwords
when they create an account so that no one at the company can see them.
In security terms, we 'hash' and 'salt' the passwords, including using a
function called 'scrypt' as well as a cryptographic key that lets us
irreversibly replace your actual password with a random set of
characters. With this technique, we can validate that a person is
logging in with the correct password without actually having to store
the password in plain text." -Facebook
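
The hash, salt and server-key approach the quote describes, sketched as an added example (not from the original post and not Facebook's code): scrypt stretches the salted password, then an HMAC under a server-held key is applied on top. The key value, cost parameters and record format here are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed demo key (assumption). In practice it lives in a KMS or HSM,
# outside the database that holds the password records.
SERVER_KEY = bytes.fromhex("11" * 32)
N, R, P = 2**14, 8, 1          # scrypt cost parameters (assumed values)
MAXMEM = 64 * 1024 * 1024      # memory ceiling; also bounds stored parameters


def _tag(password, salt, key, n, r, p):
    # Memory-hard stretch of the salted password, then a keyed MAC so a
    # stolen database alone is not enough to test password guesses.
    stretched = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=n, r=r, p=p, maxmem=MAXMEM, dklen=32)
    return hmac.new(key, stretched, hashlib.sha256).digest()


def hash_password(password, key=SERVER_KEY):
    """Return the record to store; the plaintext password is never kept."""
    salt = os.urandom(16)      # fresh random salt per account
    tag = _tag(password, salt, key, N, R, P)
    return "$".join(["scrypt-hmac", str(N), str(R), str(P),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(tag).decode()])


def verify_password(password, record, key=SERVER_KEY):
    """Recompute the tag from a login attempt and compare in constant time."""
    try:
        scheme, n, r, p, salt_b64, tag_b64 = record.split("$")
        if scheme != "scrypt-hmac":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(tag_b64, validate=True)
        actual = _tag(password, salt, key, int(n), int(r), int(p))
    except ValueError:         # malformed record or out-of-range parameters
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))
```

A scheme like this only protects the copy in the credential store; a password written anywhere else in readable form before it is hashed is not covered by it.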
Last month, Facebook admitted that it stored hundreds of millions of passwords in plain text
dating back to 2012. At the time, it was estimated that 200 million to
600 million accounts had their passwords exposed to as many as 20,000
Facebook employees.
Facebook purchased Instagram for approximately $1 billion back in 2012.
The company suggests that subscribers to Facebook, Instagram or
WhatsApp use two-factor authentication when signing in. In addition to
the password, a code sent to the subscriber's smartphone is required
for a successful login. To set this up, go to the settings menu
from your Facebook app and click on "Security and Login."
Source: News Now.