Facebook Left Millions of Passwords Unhashed

Infosecurity Magazine | March 21, 2019

During a routine security review in January 2019, Facebook discovered that some user passwords had been stored in plain text on its internal data storage systems, an issue that raised concerns given that the company’s login system is supposed to mask passwords, according to the Facebook newsroom. The security flaw has reportedly been fixed, and Facebook said it will notify everyone whose passwords were unencrypted, which it said could be hundreds of millions of Facebook users in addition to tens of thousands of Instagram users.

The social media platform emphasized in its news release that “these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” According to Facebook's security policy, user passwords are supposed to be hashed and salted at the time an account is created, which makes them unreadable. However, “access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords,” an unidentified Facebook source told KrebsOnSecurity.

