AS Facebook, the leviathan of social media, admits digital lapse by storing millions of account passwords in plain text — meaning readable by anyone — the Philippine government offered some advice.
The National Privacy Commission (NPC) had caught wind of the incident and immediately contacted a Facebook executive.
NPC head Commissioner Raymund E. Liboro said in a press statement he spoke on March 22 with the social media concerning the incident.
“In a conversation this afternoon with Facebook Privacy and Public Policy Manager for Asia Pacific, Arianne Jimenez, we sought more details. Jimenez reaffirmed that they we found no evidence so far that anyone internally abused or improperly accessed the said dataset and said they will be notifying everyone affected,” the top NPC official said.
Jimenez was parroting the statement of Pedro Canahuati, VP for Engineering, Security and Privacy at Facebook.
Canahuati published a blog on the digital lapse on March 21 admitting the incident.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” said Canahuati.
He gave the a figure of “hundreds of millions” users of Facebook Lite users, and “tens of millions of other Facebook users, and tens of millions of Instagram users” that the social media platform would be sending notifications to.
He said Facebook Lite as the version that the people in regions with lower connectivity used.
Canahuati said the plain text passwords (or “readable format”) were discovered during “a routine security review in January.”
Meanwhile, on TechCrunch it was reported that Canahuati’s blog post was “prompted by a report by cybersecurity reporter Brian Krebs, who said “logs were accessible to some 2,000 engineers and developers.”
In response to Facebook’s digital lapse, here’s the privacy commission’s statement sent to SDN — Scietech and Digital News:
“Today, Facebook announced that millions of users’ passwords were discovered in January to be stored in a readable format within their internal data storage systems. This first came about after a revelation by a security expert, who claims that this practice has been going on since 2012 and that the passwords could be accessed by more than 20,000 employees of Facebook.
“The storage of Facebook passwords in plain text needlessly exposed people to risk. Passwords that are stored in plain text are more easily and readily stolen by those who intend harm; they may even be compromised by accident.
“In a conversation this afternoon with Facebook Privacy and Public Policy Manager for Asia Pacific, Arianne Jimenez, we sought more details. Jimenez reaffirmed that they we found no evidence so far that anyone internally abused or improperly accessed the said dataset and said they will be notifying everyone affected.
“Even if there is shown to be no evidence of abuse, there is little comfort in knowing that the world’s largest repository of personal data practices such lax internal controls. In a 2018 study, the Ponemon Institute (a global information security think tank) found that 60% of businesses indicated that their data breaches come from negligent employees or contractors.
“If you are affected and you receive notice from Facebook, change your passwords immediately and enable multi-factor authentication. Begin to exercise better digital hygiene.”
As this developed, Filipino social media users, and they are ranked Number 1 in the world, have to wait for further action from NPC and Liboro concerning Facebook’s yet another “transgression” of its users’ privacy. (EKU)
Featured image courtesy of Facebook blog.