Facebook Employees Had Access To Millions Of Unprotected Passwords

In a blog post titled “Keeping Passwords Secure,” Facebook explained that it had not.

Posted on March 21, 2019, at 1:38 p.m. ET


Facebook stored tens of millions of user passwords in a readable format within its internal data storage systems, the company explained in a Thursday blog post entitled “Keeping Passwords Secure.”

The company told Krebs Security, which first reported the data breach, that its internal investigation has not found evidence that employees abused access to this data. The company said it will notify affected users, which include people who used Facebook Lite, Facebook, and Instagram.

"In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them," the company said. "There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook."

An anonymous Facebook source told Krebs Security that anywhere between 200 million and 600 million Facebook users may have had their account passwords stored in plain text, which would have made them accessible to more than 20,000 Facebook employees. The company's internal investigation has found archives with plain text user passwords stored in them dating back to 2012, the source told Krebs Security.

The disclosure comes weeks after Facebook users complained that there is no way to opt out of sharing personal phone numbers, stored on the application for security purposes, with third-party marketers. It is also the latest in a long string of self-inflicted scandals and screwups that have inspired intense regulatory scrutiny.

The incident could be a violation of the EU’s new General Data Protection Regulation (GDPR), which mandates that companies store passwords securely and notify anyone affected by a privacy breach within 72 hours.

From the Irish data protection commissioner, which regulates Facebook in Ireland: “Facebook have been in contact with us and have informed us of this issue. We are currently seeking further information.”


An Irish data protection commissioner, which regulates Facebook in Ireland, told TechCrunch that Facebook has been in contact with the agency "and have informed us of this issue."

"We are currently seeking further information," the commissioner added.
