Millions of Facebook Passwords Kept in Plain Text for Employees to Access

| March 22, 2019

article image
Perhaps we should all change our Facebook passwords to play it safe, following news that Facebook kept, from as early as 2012, “hundreds of millions” of user account passwords in plain text, making them available to some 20,000 employees, writes KrebsOnSecurity following a tip from a source at Facebook. According to Brian Krebs, Facebook is looking into a number of application “security failures” that led to the logging and storage of unencrypted password data on the internal network. This glitch may have affected between 200 million and 600 million accounts, but the company is still investigating before it reveals the exact number of exposed passwords, as well as details on the timeframe or employees who may have accessed the data. “The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds” of affected users, the source told KrebsOnSecurity. “Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse.” The social network says no evidence suggests the data was manipulated or compromised in any way by its employees and doesn’t urge users to reset their passwords.

Spotlight

Nasdaq Bwise

Nasdaq BWise is a global leader in Enterprise Governance, Risk Management and Compliance (GRC) software. Based on a strong heritage in business process management, the BWise® GRC Platform provides companies with highly-rated, proven software solutions for Risk Management, Internal Control, Internal Audit, Compliance & Policy Management, Information Security and Sustainability Performance Management.

OTHER ARTICLES

Best Cybersecurity Tips for Remote Workers

Article | June 21, 2021

Remote working and cybersecurity risks, unfortunately, go hand in hand. As the COVID-19 pandemic appears to be far from over, cyber threats to individuals and businesses continue to loom large. The only solution at the moment is to invest in robust technology solutions that protect your network and to train employees in cybersecurity so that they develop healthy remote working practices. If you allow a bulk of your employees to work remotely, it is important to adopt a few basic habits to protect your devices and your business network from cyber criminals. Here’s a quick look at a few basic tips for remote workers that can go a long way in enhancing the overall security posture of your organisation. Passwords provide the first line of defense against unauthorized access to your devices and personal information. By creating a strong, unique password, you increase protection levels tremendously. You make it more challenging for cybercriminals to gain access and disrupt your systems networks. Rule number two is never to ignore those little pop-up windows that tell you that software updates are available for your device. Once you get such a notification, be sure to install the latest software as soon as possible. Timely software updates (including antivirus updates) help patch security flaws and safeguard the computer system. Are you busy with your work and don’t like to be distracted by such notifications? We highly suggest you encourage your employees to select auto-update for software on both mobile devices and computers. It will help you and your staff to prevent problems caused by delayed system updates.

Read More

What is Ransomware and What You Need to Know to Stay Safe?

Article | June 21, 2021

While there may be more than 1 billion pieces of malware prowling the internet for a chance to infect victims, one particular piece of nastiness has been inflicting financial losses and security headaches for years.Known as ransomware, its sole purpose is to block access to computer systems or files until the victim pays a ransom. These ransom demands fluctuate wildly, from the equivalent of a couple of hundred dollars to several hundred thousand. In the simplest terms, ransomware is a piece of malicious software that prevents users from using their devices or accessing their personal or important files, unless a sum of money is paid. Payment is usually demanded in cryptocurrency, such as Monero or Bitcoin. Victims are told to purchase these digital assets and then transfer them to the attackers.

Read More

Creating and rolling out an effective cyber security strategy

Article | June 21, 2021

What’s more, organisations should also keep in mind that prevention alone is not enough; according to IBM, the average breach detection and containment times currently sits in the region of 280 days. In this time, it’s easy for cyber attackers to gain a foothold in an environment and quickly cause damage. “When developing a cyber security strategy, traditionally enterprises have focused on the threat prevention with little attention given to detection and often none to response,” said Martin Riley, director of managed security services at Bridewell Consulting.

Read More

We Need to Improve Cybersecurity Standards in Space

Article | June 21, 2021

Last month, SpaceX became the operator of the world’s largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade. This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, UK-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months. These new satellites have the potential to revolutionise many aspects of everyday life – from bringing internet access to remote corners of the globe to monitoring the environment and improving global navigation systems. Amid all the fanfare, a critical danger has flown under the radar: the lack of cybersecurity standards and regulations for commercial satellites, in the US and internationally. As a scholar who studies cyber conflict, I’m keenly aware that this, coupled with satellites’ complex supply chains and layers of stakeholders, leaves them highly vulnerable to cyberattacks.

Read More

Spotlight

Nasdaq Bwise

Nasdaq BWise is a global leader in Enterprise Governance, Risk Management and Compliance (GRC) software. Based on a strong heritage in business process management, the BWise® GRC Platform provides companies with highly-rated, proven software solutions for Risk Management, Internal Control, Internal Audit, Compliance & Policy Management, Information Security and Sustainability Performance Management.

Events