
Facebook Admits Storing Passwords in Plain Text

Dave Parrack 21-03-2019

Facebook has admitted that it stored the passwords of hundreds of millions of Facebook users in plain text. And while these passwords were only visible to Facebook employees, this is still another example of lax security inside the social network.


Facebook is having a torrid time. There was the Cambridge Analytica scandal, the spread of fake news, and ad campaigns influencing elections. There was also the Facebook hack affecting 50 million users, and the Facebook bug exposing users’ photos.

And now we discover that Facebook has been storing passwords in plain text.

Facebook Fails at Keeping Passwords Secure

In a blog post titled “Keeping Passwords Secure”, Facebook admits that “some user passwords were being stored in a readable format within our internal data storage systems”. That “some” actually means hundreds of millions of Facebook users.

Krebs on Security, which first reported the story, quotes a figure of “between 200 million and 600 million Facebook users,” and suggests these passwords were “searchable by more than 20,000 Facebook employees”. Which is no laughing matter.


Facebook says it has “fixed these issues” and “will be notifying everyone whose passwords […] were stored in this way”. The social network also claims it has “found no evidence to date that anyone internally abused or improperly accessed them”.

What’s more, Facebook has made it clear that it normally hashes and salts user passwords to avoid storing them in plain text. However, for undisclosed reasons, this system failed, exposing hundreds of millions of Facebook users’ passwords to Facebook employees.

Is It Time to Delete Facebook?

If you are one of the people affected by this issue, Facebook will be in touch. At that point, Facebook is suggesting you change your password and consider enabling two-factor authentication. Or you could just delete Facebook and finally be done with it.

It should be noted that this security issue appears to have hit Facebook Lite users particularly hard, as they make up the bulk of those affected. And while this may not exactly encourage you to use it, here’s our review of Facebook Lite from 2015.


  1. Pat
    March 22, 2019 at 3:37 pm

    Never had a Facebook account, never will.