Facebook's Belly Flop

After a whistle blower leaked the news to journalist Brian Krebs, who announced it on his blog, Facebook officially admitted that it has stored hundreds of millions of user passwords without encryption for the past seven years. Coming a couple weeks after Mark Zuckerberg made a splashy announcement about the company’s big pivot to encryption, this incident may turn his splash into a belly flop. Of all Facebook’s security and privacy blunders in the past couple years, this one is the most puzzling and infuriating. It appears Facebook violated five fundamental tenets of data security: Never store passwords in plaintext. Industry best practice stores passwords as salted hashes. Facebook says th


a blog about cybersecurity

© 2020 Taproot Security

This site uses cookies for security.

Our cookies do not store personal information.