Yesterday Facebook disclosed that, during a routine security review, it discovered “some” user passwords were being stored unencrypted, but that the passwords were not visible to anyone outside of Facebook. Facebook’s definition of “some” does not convey the full magnitude of this event: we are talking about hundreds of millions of affected users.

False reassurance.

Facebook released an official statement declaring, “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” Assuming they follow a Secure Systems Development Lifecycle (SSDLC), protection of stored credentials should be a core control built into the system and verified. That there is no evidence anyone external to Facebook had access to the unencrypted passwords is not reassuring. Was this a flaw or an accepted risk?

More questions than answers.

So, what went wrong, and how could plain-text credentials go undetected since 2012? As a Facebook user, I wonder why an internal employee would need access to my unencrypted password. Ultimately, it is still up to the consumer to govern the data shared with services like these. At no time should the passwords ever have been left in clear text.
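As an added example (not code from the original post or from Facebook), the following Python shows the storage model the post argues should have been in place: only a salted PBKDF2-HMAC hash is persisted, verification never recovers the plaintext, and a defender-side check confirms that no stored field contains the password itself. The iteration count, record format and field names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for this example; tune to your hardware and policy.
ITERATIONS = 600_000
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing verifier string; the plaintext is never stored.

    Format: algo$iterations$base64(salt)$base64(digest).  '$' never appears
    in the base64 alphabet, so the fields can be split back apart safely.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        ALGO,
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_b64, digest_b64 = stored.split("$")
    if algo != ALGO:
        return False  # unknown or downgraded scheme: refuse rather than guess
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), base64.b64decode(salt_b64), int(iterations)
    )
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


def record_exposes_plaintext(record: dict, password: str) -> bool:
    """Sanity check for a credential record: True if any field holds the plaintext.

    A correctly built record (only a verifier string) returns False; a record
    that carries the raw password, as described in the post, returns True.
    """
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    # Constructed sample credential, not real data.
    verifier = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", verifier))  # True
    print(record_exposes_plaintext({"user": "alice", "pw": verifier},
                                   "correct horse battery staple"))   # False
```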