WELCOME

In the post, Canahuati explained that the company doesn't know

Oct. 12, 2017 by James Ashley

In the post, Canahuati explained that the company doesn't know the exact location or email address of its servers, but the results of the inspection showed that the passwords had been "marked" by the company's database.

"We will provide all of our users with our latest, latest security updates on a regular basis to ensure they are fully secure," he wrote. "In the meantime, the information collected is being analyzed and we will notify customers of any changes to our system and our plans to address such issues through the end of the year. Facebook is looking for the correct information."

In response to Krebs' post, Facebook said it has decided not to use the unencrypted credentials for any future accounts. "We are not aware of any cases in which a user has access to or otherwise gained access to a user's private data without authorization, we simply do not want to discuss it," a spokesperson said in a statement. "We remain committed to providing our users their best security."

Krebs writes that a Facebook engineer at the time was asked to look into the matter. The employee was offered the job immediately, but said he didn't want to divulge his employer's identity. "The employee told me that he had an employee's login history and that I asked for someone to provide it to him, and he told me he couldn't because the company's login logs are still not encrypted and not accessible to his own or anyone else," Krebs writes. "I've sent a message to the company asking for their help and it's been resolved. But the employee is currently doing his normal work and I'm still going to do my work, so it's unclear if I'm going to receive a call or respond to a request. It's just a matter of trying not to break the law."

Krebs also points out that Facebook would likely have found no evidence that the unencrypted credentials were being used to access personal information, or "know your customer."

"Facebook is using a process called 'unencrypted access to user data' to protect people's personal data from being accessed, but it's not the only way of keeping people safe," Krebs writes.

"We've found no evidence that unencrypted access to user data was used to alter or alter their identity, we just don't want to discuss it," a spokesperson said in response to Krebs' post. "We are working to identify the user who stole or changed their password and take appropriate action to prevent the misuse of their personal