Facebook stored millions of unencrypted user passwords on internal servers

Facebook released a notice in March 2019 stating several million user passwords were kept in a readable unencrypted format on their own internal servers.  However, Facebook maintains that this data was never publicly available or misused and will notify individual users affected by this issue.

Facebook reports data breach of millions of user accounts

Facebook reported a data breach of at least 50 million user accounts on September 28th 2018. This was related to Facebook’s “View As” feature, which has been temporarily disabled while the company continues its investigation. Facebook has reset the access tokens of the almost 50 million accounts affected by the breach, as well as another 40 million accounts that had a “View As” look-up in the last year. These 90 million users will now have to log back in to Facebook.

Facebook posted a second update on October 12th regarding this data breach. They now believe 30 million user access tokens were affected instead of 50 million. The data breach did not affect Instagram, WhatsApp, Messenger, Messenger Kids, Workplace, Pages, payments, third-party apps, Oculus, or advertising or developer accounts.  Facebook users can check if their account was affected at www.facebook.com/help/securitynotice?ref=sec while logged into their Facebook account.

Technology companies collaborate on Data Transfer Project

Some of the world’s largest technology companies are working together on the Data Transfer Project (DTP). The purpose of this project is to build an open source common framework that can allow users to easily transfer data between any two data platforms.

Most of the major technology companies are represented, including:

More information is available at https://datatransferproject.dev and at the project’s GitHub page https://github.com/google/data-transfer-project.