4hw.com.cn comprehensive report: according to a report released by network security expert Klebs on the 21st, the account passwords of hundreds of millions of users stored in social networking site 'Facebook' are not encrypted, and can be displayed to thousands of employees of the company in plain text format. On the 21st, Facebook confirmed the report in an article. It is reported that this vulnerability may affect as many as 600 million Facebook users around the world.
According to reports, the affected 'Facebook' users account for a large part of its 2.7 billion total users. Facebook said on the 21st that it plans to start notifying users who may be affected. On the same day, after the report was published, its share price also fell.
'as part of our routine security review in January, we found that some user passwords are stored in our internal data system in a readable format. This attracted our attention, because our login system is designed to use technology that can't be read by the outside world to block the user's password. We have solved these problems, and as a preventive measure, we will inform users who may be affected, "Facebook said in a statement on the 21st.
According to reports, these vulnerabilities can be traced back to 2012. Klebs quoted Scott Renfro, a Facebook software engineer, as saying that the company did not find any abuse of the data and that "there was no real risk of these vulnerabilities" at the time.
However, due to years of privacy and security scandals, 'Facebook' has been subject to close scrutiny, and these scandals have made the company subject to criticism from its users, as well as supervision and fines from a number of government regulators. The Facebook scandal has not significantly reduced the number of daily active users of the company. Although critics of Facebook argue that users should delete their accounts in order to protect their privacy, Facebook's user activity has increased in the last quarter.
There is no doubt that this incident will draw the attention of the Irish Data Protection Commission, the EU's department responsible for network data security. On May 25, 2018, the EU general data protection regulation came into effect. The rules allow Internet companies to notify people affected by privacy leaks within 72 hours, and require companies to store user passwords securely.