Cybersecurity Hardware and Software

Facebook admits digital lapse on passwords; PH gov’t offers advice

AS Facebook, the leviathan of social media, admits digital lapse by storing millions of account passwords in plain text — meaning readable by anyone — the Philippine government offered some advice.

The National Privacy Commission (NPC) had caught wind of the incident and immediately contacted a Facebook executive.

NPC head Commissioner Raymund E. Liboro said in a press statement he spoke on March 22 with the social media concerning the incident.

“In a conversation this afternoon with Facebook Privacy and Public Policy Manager for Asia Pacific, Arianne Jimenez, we sought more details. Jimenez reaffirmed that they we found no evidence so far that anyone internally abused or improperly accessed the said dataset and said they will be notifying everyone affected,” the top NPC official said.

Jimenez was parroting the statement of Pedro Canahuati, VP for Engineering, Security and Privacy at Facebook.

Canahuati published a blog on the digital lapse on March 21 admitting the incident.

“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” said Canahuati.

He gave the a figure of “hundreds of millions” users of Facebook Lite users, and “tens of millions of other Facebook users, and tens of millions of Instagram users” that the social media platform would be sending notifications to.

He said Facebook Lite as the version that the people in regions with lower connectivity used.

Canahuati said the plain text passwords (or “readable format”) were discovered during “a routine security review in January.”

Meanwhile, on TechCrunch it was reported that Canahuati’s blog post was “prompted by a report by cybersecurity reporter Brian Krebs, who said “logs were accessible to some 2,000 engineers and developers.”

In response to Facebook’s digital lapse, here’s the privacy commission’s statement sent to SDN — Scietech and Digital News:NPC“Today, Facebook announced that millions of users’ passwords were discovered in January to be stored in a readable format within their internal data storage systems. This first came about after a revelation by a security expert, who claims that this practice has been going on since 2012 and that the passwords could be accessed by more than 20,000 employees of Facebook.

“The storage of Facebook passwords in plain text needlessly exposed people to risk. Passwords that are stored in plain text are more easily and readily stolen by those who intend harm; they may even be compromised by accident.

“In a conversation this afternoon with Facebook Privacy and Public Policy Manager for Asia Pacific, Arianne Jimenez, we sought more details. Jimenez reaffirmed that they we found no evidence so far that anyone internally abused or improperly accessed the said dataset and said they will be notifying everyone affected.

“Even if there is shown to be no evidence of abuse, there is little comfort in knowing that the world’s largest repository of personal data practices such lax internal controls. In a 2018 study, the Ponemon Institute (a global information security think tank) found that 60% of businesses indicated that their data breaches come from negligent employees or contractors.

“If you are affected and you receive notice from Facebook, change your passwords immediately and enable multi-factor authentication. Begin to exercise better digital hygiene.”

As this developed, Filipino social media users, and they are ranked Number 1 in the world, have to wait for further action from NPC and Liboro concerning Facebook’s yet another “transgression” of its users’ privacy. (EKU)

Featured image courtesy of Facebook blog.

Hello, Cyber World! A journalist's passion for news, which for me is every and any kind of news, but specially on Science, Technology, Innovation, Digital, and Current News, or just about anything under Heaven, birthed this news platform. Disclosure: I am not a scientist nor an expert on anything Science, and not a techie either; just some journalist who loves and care to bring the good news and share them to everyone out there. It is a big, big physical world out there, but the Industrial Revolution 4.0, the Internet in the Digital Age, has shrunk Earth into one small virtual community. Each human being a "neighbor" to everyone in the Philippines and in any point of the compass. Whatever you may see or think could be my and this site's shortcoming, my apologies. So, there, please join me in my journey in cyberspace! Be home, be safe, be mindful of your neighbors, of the Creator! Thanks so much.

0 comments on “Facebook admits digital lapse on passwords; PH gov’t offers advice

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: