Facebook員工竟能讀取用戶密碼

最近，他們又爆出了一個特大簍子：很多用戶的密碼竟然是用明文儲存的，員工可以隨意查看……

Facebook is currently investigating the extent to which it accidentally logged and stored unencrypted password data, according to security expert Brian Krebs.

據(jù)安全專家布萊恩·克雷布斯稱，F(xiàn)acebook目前正在調(diào)查其意外記錄并存儲未加密密碼數(shù)據(jù)的事到底有多嚴重。

This is just the latest in a long line of privacy-related scandals Facebook has endured, further calling into question its ability to keep users secure.

這只是Facebook一長串與隱私有關(guān)的丑聞中最新的一件，這讓人們進一步質(zhì)疑其保護用戶安全的能力。

Citing anonymous sources, the report says Facebook employees built applications that stored password data for between 200 million and 600 million users in plain text on internal servers.

報告引用匿名人士的話說道，F(xiàn)acebook員工開發(fā)的應(yīng)用程序在內(nèi)部服務(wù)器上以純文本形式為2億至6億用戶存儲密碼數(shù)據(jù)。

More than 20,000 Facebook employees had searchable access to those accounts. The investigation is ongoing, but already the company has found vulnerable data that dates back to 2012, writes Krebs.

超過2萬名Facebook員工可以搜索訪問這些賬戶。這項調(diào)查仍在進行中，但是該公司已經(jīng)發(fā)現(xiàn)了可以追溯到2012年的易受攻擊的數(shù)據(jù)，克雷布斯寫道。

His source says 2,000 developers and engineers turned up plain text passwords within 9 million data queries. The company allegedly does not know how many passwords were exposed, or for how long.

他的消息來源說，2000名開發(fā)人員和工程師在900萬個數(shù)據(jù)查詢中發(fā)現(xiàn)了純文本密碼。據(jù)稱，該公司不知道有多少密碼被泄露，也不知道泄露了多長時間。

Facebook has come under scrutiny for the way it handles user data, and with whom it shares that data.

Facebook因為其處理用戶數(shù)據(jù)的方式，以及與誰共享這些數(shù)據(jù)而受到了密切關(guān)注。

In September 2018, the company revealed an attack on its network that affected the personal data of some 50 million accounts. More recently, Facebook CEO Mark Zuckerberg vowed to take user privacy more seriously and promised more encryption and other privacy tools.

2018年9月，該公司披露其網(wǎng)絡(luò)受到攻擊，影響了約5000萬個賬戶的個人數(shù)據(jù)。最近，F(xiàn)acebook的首席執(zhí)行官馬克·扎克伯格發(fā)誓會更加嚴肅地對待用戶隱私，并且承諾提供更多加密和其他保密工具。

Critics called into question Facebook’s ability to develop a privacy-centered platform–and the consequences of such a move, since encryption could make it more difficult to track toxic content on the platform.

批評人士對Facebook開發(fā)以隱私為中心的平臺的能力，以及此舉的后果提出質(zhì)疑，因為加密可能會加大追蹤平臺上不良內(nèi)容的難度。

In a conversation with Krebs, Facebook engineer Scott Renfro said users would not likely have to change their passwords, because there was no evidence that employees searched for passwords explicitly.

在與克雷布斯的談話中，F(xiàn)acebook工程師 斯科特·弗蘭洛表示，用戶不太可能需要更改密碼，因為沒有證據(jù)表明員工會明確地搜索密碼。

In a blog post on password security, Facebook noted that it expects to notify, “hundreds of millions of Facebook Light users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”

Facebook在一篇關(guān)于密碼安全的博客文章中指出，它預(yù)計會向“數(shù)以億計的Facebook輕用戶、數(shù)千萬計的其他Facebook用戶、和數(shù)以萬計的Instagram用戶”發(fā)出通知。