Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012.

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords. “The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds” of affected users, the source said. “Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse.”

In an interview with KrebsOnSecurity, Facebook software engineer Scott Renfro said the company wasn’t ready to talk about specific numbers — such as the number of Facebook employees who could have accessed the data. Renfro said the company planned to alert affected Facebook users, but that no password resets would be required. “We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data,” Renfro said. “In this situation what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/

Keeping Passwords Secure

https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/

Harvard researchers say certain ADHD medications may increase risk of psychosis

Researchers at Harvard Medical School and McLean Hospital report that certain medications used to treat ADHD may increase the risk of developing psychosis. People taking amphetamines, such as Adderall or Vyvanse, have a greater risk than those taking methylphenidates, such as Ritalin or Concerta, their research shows. The data come at a time when prescription rates and diagnoses of ADHD are on the rise.

Certain medications commonly used to treat ADHD in teens and young adults may increase their risk of psychosis, according to new research from Harvard Medical School and McLean Hospital. The potential of developing psychosis was greater in younger patients who take amphetamines, such as Adderall or Vyvanse, than those taking methylphenidates, such as Ritalin or Concerta, according to a study published in the New England Journal of Medicine on Wednesday. The researchers studied 13- to 25-year-olds. They defined psychosis as hallucinations, delusional disorder, schizophrenia spectrum disorder, major depressive disorder, bipolar disorder with psychotic features or unspecified psychosis. Although the risk is low, the data come at a time when prescription rates and diagnoses of attention deficit hyperactivity disorder are on the rise. Two researchers published in the JAMA Network Open this past August said that in a 20-year period they "found a significant increase in the prevalence of diagnosed ADHD." It's not clear whether more children have ADHD or more are being diagnosed, according to the Centers for Disease Control and Prevention.

Either way, Dr. Lauren Moran, the lead author studying psychosis and prescription medications, said the use of amphetamines has more than tripled recently. "There is not a lot of research comparing the safety profiles of amphetamines and methylphenidate, despite increasing use of these medications," Moran said in a statement. Doctors have noted "patients without previous psychiatric history coming with psychosis" following stimulant use in the past, however.

Researchers analyzed 221,816 patients with ADHD between Jan. 1, 2004, and Sept. 30, 2015. One out of every 486 patients taking amphetamines later required treatment for psychosis, while patients on methylphenidate had a risk of 1 in 1,046. Overall, about 1 in 660 patients reported new-onset psychosis and were prescribed an antipsychotic medication. The study only covers youth who had been recently diagnosed with ADHD and started taking medications and not those who were already being treated with medication. "People who have been on a drug like Adderall for a long time who are taking the drug as prescribed and are tolerating it well are not likely to experience this problem," Moran noted. There were limitations to the study, as it did not cover those with public insurance or who were uninsured. Authors also noted possible misuse of these stimulants. Adderall is popular among college students who use it to help them study. But if that had skewed findings at all, researchers said they would have expected larger effect sizes among college-age patients, which they did not.

https://www.cnbc.com/amp/2019/03/20/harvard-researchers-say-certain-adhd-drugs-may-up-risk-of-psychosis.html

>>5815674

Agreed, no extradition agreement with the US.

>>5815800

I stand corrected, Thank you