Facebook: your passwords ̶н̶е̶ secure
When creating an account, Facebook encrypts the user’s password using the “scrypt” hash function. “Salt” is also added there, which protects when brute-forcing the password using dictionaries.
But yesterday it became known that due to a failure in Facebook, applications that encrypt user passwords did not work for a long time.
Thus, the company stored the passwords of hundreds of millions of users in clear text in text files. The company learned about this in January of this year.
The problem with a possible password leak affected:
— Tens of millions of Facebook users.
— Hundreds of millions of Facebook Lite users.
— Tens of thousands of Instagram users.
The first unencrypted passwords date back to 2012. Almost 20,000 employees had access to files with passwords.
Facebook recorded that about 2,000 developers made approximately 9 million internal requests for files containing specified passwords.