After the data-leak scandal that shocked the world, Facebook is once again facing doubts about its security. Foreign media recently reported that the passwords of hundreds of millions of Facebook users had been stored in plain text all along, where thousands of Facebook employees could search them! In some cases the passwords date back as far as 2012. Fortunately, the investigation so far shows that no employee misused the data.
Author | Brian Krebs
Translator | Bend a month
Editor-in-charge | Guo Rui
The translation follows:
Facebook is once again the subject of heated discussion over a security problem!
News broke recently that Facebook applications did not encrypt users' password data and instead stored it directly in plain text on the company's internal servers. The information reportedly originated with a senior Facebook employee who did not wish to be named.
The Facebook source said the investigation so far shows that the passwords of 200 million to 600 million Facebook users were stored in plain text all along and could be searched by more than 20,000 Facebook employees. The source said Facebook is still investigating exactly how many passwords were exposed and for how long, but the investigation has so far found that the practice of storing user passwords in plain text dates back to 2012.
The Facebook insider said access logs show that about 2,000 engineers and developers made roughly 9 million internal queries against data that included plain-text user passwords. The source said: "As the analysis goes on, Facebook's legal staff have decided to go with the lowest figure; they now plan to narrow this number by counting only the data currently in the data warehouse."
In an interview with KrebsOnSecurity, Facebook software engineer Scott Renfro said the company could not yet give specific numbers, for example exactly how many Facebook employees could access the data.
Renfro said the company plans to notify the affected Facebook users, but that users do not need to change their passwords. He said: "So far, we have not found any case of someone deliberately searching for passwords, nor any evidence that this data was misused." "In this case, we found that these passwords were logged inadvertently, but that this does not pose a real risk. We want to make sure these steps are clear, and users will be forced to change their passwords only where there is evidence of abuse."
A written statement that Facebook submitted to KrebsOnSecurity says the company expects to notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook designed for slow connections and low-spec mobile phones.
In recent months, GitHub and Twitter were both forced to admit to similar problems, but at those two companies only a small number of people inside the company could access the plain-text user passwords, and for a shorter time.
Renfro said the problem first came to light in January 2019, when security engineers reviewing some new code discovered that passwords were inadvertently being stored in plain text. Renfro said: "They then formed a small working group to carry out a broad review of the places where the problem might occur. We have a series of controls in place to mitigate these problems, and to prevent this from happening again we are investigating long-term infrastructure changes. We are now reviewing some query logs; we need to determine whether there was any abuse of this data or any other access to it."
The password problem comes during a difficult period for the social network. Not long ago, The New York Times reported that federal prosecutors are conducting a criminal investigation into data deals that Facebook struck with some of the world's largest technology companies.
Earlier this month, Facebook came under fire from security and privacy experts for taking phone numbers that users had provided for security reasons (such as two-factor authentication) and using them for other purposes (such as marketing, advertising, and letting users be looked up by phone number across the different platforms of its social network).
Original article: https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/