NPC: No evidence yet to show passwords were accessed outside Facebook

MANILA, Philippines — A Facebook official said there is no evidence yet to prove that anyone “internally abused or accessed data” of passwords of millions of Facebook users, National Privacy Commission said Friday.

The NPC said Facebook Privacy and Public Policy Manager for Asia Pacific, Arianne Jimenez, reported that they will notify all those users affected by the exposed passwords.

“Jimenez reaffirmed that they found no evidence so far that anyone internally abused or improperly accessed the said dataset and said they will be notifying everyone affected,” NPC Commissioner Raymund Liboro said in a statement.

This was after Facebook announced that the passwords of “millions of users” were being stored in a readable format by their employees.

READ: Facebook says ‘millions of passwords’ left readable by employees
https://technology.inquirer.net/84509/facebook-says-millions-of-passwords-left-readable-by-employees?utm_expid=.XqNwTug2W6nwDVUSgFJXed.1

However, Facebook assured that the passwords were never visible to anyone outside of their company.

The NPC is still wary though of the social media giant’s lax internal controls, citing a study that data breaches come from employees or contractors.

“There is little comfort in knowing that the world’s largest repository of personal data practices such lax internal controls,” Liboro said.

“In a 2018 study, the Ponemon Institute (a global information security think tank) found that 60 percent of businesses indicated that their data breaches come from negligent employees or contractors,” he added.

The NPC advised affected Facebook users to change their password and enable “multi-factor authentication.” /ee