Facebook left millions of user passwords readable by its employees for years, the company acknowledged Thursday after a security researcher exposed the lapse.
By storing passwords in readable plain text, Facebook violated fundamental computer-security practices.
“There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users’ passwords in plain text,” said cybersecurity expert Andrei Barysevich of Recorded Future.
Facebook said there is no evidence its employees abused access to this data. But thousands of employees could have searched the passwords. The company said the passwords were stored on internal company servers, where no outsiders could access them.
The incident reveals yet another huge and basic oversight at a company that insists it is a responsible guardian for the personal data of its 2.2 billion users worldwide.
The security blog KrebsOnSecurity said Facebook may have left the passwords of some 600 million Facebook users vulnerable.
Last week, Facebook CEO Mark Zuckerberg touted a new “privacy-focused vision” for the social network that would emphasize private communication over public sharing.
The company wants to encourage small groups of people to carry on encrypted conversations that neither Facebook nor any other outsider can read.
The fact that the company couldn’t manage to do something as simple as encrypting passwords, however, raises questions about its ability to manage more complex encryption issues – such as in messaging – flawlessly.
Facebook said it discovered the problem in January. But security researcher Brian Krebs wrote that in some cases the passwords had been stored in plain text since 2012.
Security analyst Troy Hunt, who runs the “haveibeenpwned.com” data breach website, said that the situation is embarrassing for Facebook, but that there’s no serious, practical impact unless an adversary gained access to the passwords.
But Facebook has had major breaches, most recently in September when attackers accessed some 29 million accounts.
Jake Williams, president of Rendition Infosec, said storing passwords in plain text is “unfortunately more common than most of the industry talks about” and tends to happen when developers are trying to rid a system of bugs.
He said the Facebook blog post suggests storing passwords in plain text may have been “a sanctioned practice,” although he said it’s also possible a “rogue development team” was to blame.
Hunt and Krebs both likened Facebook’s failure to similar stumbles last year on a far smaller scale at Twitter and GitHub; the latter is a site where developers store code and track projects. In those cases, software bugs were blamed for accidentally storing plaintext passwords in internal logs.
Facebook’s normal procedure for passwords is to store them encoded, the company noted Thursday in its blog post.
That’s good to know, although Facebook engineers apparently added code that defeated the safeguard, said security researcher Rob Graham. “They have all the proper locks on the doors, but somebody left the window open,” he said.
Watch the planet Mercury cross the Sun in November 2019
On Nov. 11, people across most of the world can watch the planet Mercury pass across the sun. This rare event won’t be seen from Earth again until 2032.
The smallest planet in the solar system is also the closest to our star, and occasionally it crosses in front of the sun’s shining disk from our viewpoint here on Earth. This last happened in 2016, but after this upcoming transit, we’ll need to wait another 13 long years to see another one.
Mercury will start its transit across the sun on Nov. 11 at 7:35 a.m. EST (1230 GMT), and the complete trip will take roughly five and a half hours, finishing at 1:04 p.m. EST (1830 GMT), according to NASA.
The planet will appear as a tiny, moving blemish on the sun’s face as Earth passes through Mercury’s small shadow. The transiting world will be so tiny that skywatchers will need special equipment (telescopes or binoculars fitted with protective solar filters) to see it.
You can watch the entire event on the Space.com website, where it will be webcast live. Save the date: Nov. 11, 2019.
These two smartphones are beating Apple in the global market
According to available quarterly sales figures, Samsung and Huawei have come out well ahead of Apple in terms of smartphone shipments.
According to Canalys figures for Q3 2019 smartphone shipments, Samsung is leading the pack with 78.9 million units, followed by Huawei at 66.8 million, with Apple completing the top three with sales of 43.5 million units.
Apple will be hoping that its recently released trio of new phones will do much to turn around its fortunes. The iPhone 11 was released with a lower starting price than expected, so that may be a step in the right direction toward increasing its shipments vis-à-vis Huawei and Samsung.
The introduction of 5G connectivity to next year’s iPhone 12 range, as rumored, might give Apple another welcome sales boost.
Chinese firms believed to be interested in Expressway project
Chinese firms are believed to be interested in taking on the Expressway project. Their interest emerged after the United States withdrew its plans. The current China-Kenya relationship has seen them secure multiple mega infrastructure projects in the country.
“We shall be able to put it in the market and therefore whoever will be able to give us the best bid, we shall go with that person,” KeNHA director-general Peter Mundinia said.
Chinese companies are accused of giving 10 per cent kickbacks to corrupt leaders, hence the high number of projects secured.
“Don’t be surprised the Chinese developing the proposed JKIA Westlands expressway are given the project. The Chinese are highly likely to win the tender,” a source who sought anonymity said.
“Fresh consultations will be required which will inform compensation for affected persons. Currently, we cannot even say who will be affected because the route has not been decided,” a source said.
“We are still working on the finance. Kenya has a challenge of debt and we are wary of burdening Kenyans,” the Envoy had said during the interview.
KeNHA, which is the contractor, however, insists there is land for the project.
“Land had been identified along the old alignment but issues arose over bringing down a lot of facilities along the road. We have now found land fully off Mombasa road,” Mundinia had said earlier.
This is how Twitter will now handle financial scammers
Previously, Twitter handled cases of fraud through its spam reporting tool. But today’s changes spell out exactly what is prohibited and should make it easier for users to report fraud.
According to Twitter, users may not operate a fake account or pretend to be a public figure or an organization. Money-flipping schemes, in which users ask for a small sum of money in return for a larger sum, are prohibited, and phishing schemes will count as a violation. To report instances of fraud, users can select “report tweet” from the drop-down menu, select “It’s suspicious or spam” and then select the type of violation.
We’re always updating our rules based on how online behaviors change. Today we're expanding our policies to prohibit financial scams.
Read more: https://t.co/ihBxbTGKk5
— Twitter Safety (@TwitterSafety) September 23, 2019
Twitter may lock accounts that are in violation and require more information, or block them outright. It may also warn users about potentially risky links and delete specific tweets.
Huawei Mate 30 Series to be released this month
Huawei took to its official Twitter account earlier today to announce that it will unveil the Mate 30 series on September 19th. For PhoneArena readers, this is not a surprise; back on August 11th we told you that the company’s president of software development, Wang Chenglu, had leaked that date to Hi-tech.mail. The Mate 30 Series will be the manufacturer’s most advanced non-foldable phone produced this year. Under normal circumstances, demand for the line might have taken Huawei to the top of the smartphone industry in terms of shipments. But this has not been a normal year for the firm.
The Huawei Mate 30 Pro is believed to feature a 6.7-inch AMOLED curved-edge display that will have a 90Hz refresh rate. That’s 50% faster than the rate found on popular smartphone displays and will lead to smoother animation for game players and buttery smooth scrolling. It also may reduce battery life, which is one of the reasons why the Mate 30 Pro should ship with a 4500mAh capacity battery inside. Another feature that draws on the phone’s battery is reverse wireless charging. This allows the handset’s rear panel to be used as a small charging pad to power up certain accessories and compatible phones. The Mate 30 will reportedly be equipped with a 4200mAh battery.