Facebook's Passwords in Plain Text Was Intentional

News hit a couple of days ago that Facebook had millions of passwords in plain text. You might be asking how or why they would ever do this. Being a technology company that is over 20 years old, how could they store passwords in plain text? Most companies these days would never store their passwords in plain text. If you were to review the guidelines today, security experts around the world would tell you to encrypt or hash the passwords. So, why did Facebook do it?

I can only conclude that after being more than 20 years old, Facebook intentionally kept the passwords as plain text. Hashing and encrypting passwords is an industry standard. All security staff around the world are aware of this fact. They must have multiple security experts on staff. The staff had to bring this to the attention of upper management. Upper management simply ignored it, or they used these passwords for something else. That something won't be known, but I suspect they wanted to analyze the passwords for other purposes.

For a more destructive purpose, they could use your password to log in and manipulate other services you might use. Facebook could log in to Hulu and see what shows or videos you might be interested in. They can then take this new data and build a profile of who you are as a person, your interests and your hobbies.

  1. https://www.nytimes.com/2019/03/21/technology/personaltech/facebook-passwords.html
  2. https://mashable.com/article/facebook-plain-text-passwords/#WFWt0j3eZOqk
  3. https://auth0.com/blog/hashing-passwords-one-way-road-to-security/