If you’ve been contemplating quitting the world’s most popular social media platform, this may be the best time to call it quits. It has been reported that hundreds of millions of Facebook account passwords were stored in plain text on its servers. And it knew about it since January. Er, nice one, Facebook.
The company admitted in a blog post on Thursday that it found “some user passwords” were being stored in a readable format within its data storage systems. Some user passwords may be understating the facts. Just a little. How about 600 million users? Cybersecurity reporter Brian Krebs of KrebsOnSecurity said users had their account passwords stored in plain text and searchable, in some cases going back to 2012.
Facebook’s login systems are supposed to mask passwords but due to the security lapse, the plain text logs were accessible to some 20,000 Facebook employees including engineers and developers.
Facebook’s VP of engineering, security and privacy, Pedro Canahuati explained that these passwords were never visible to anyone outside of the social platform. It has found no evidence of anyone internally abusing or improperly accessing the data to date.
Canahauti said that the issues have been fixed and as a precautionary measure, the company will be notifying everyone whose passwords have been found stored in an unmasked way.
Facebook estimates that it will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.
Unconfirmed affected number of users represents about one-fifth of the company’s 2.7 billion users.
Here’s what you can do to secure your account, if you still plan to still stick around:
- Change your Facebook and Instagram passwords. Avoid reusing passwords across different services.
- Make sure you use a secure, strong password (a mix of letters, numbers, capitalisation and symbols). A password manager app may also help.
- Enable security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app like Google Authenticator or LastPass.
Security issues continue to plague the company and has prompted congressional inquiries and government investigations. It’s a shattered reputation as far as security and privacy is concerned, but co-founder and CEO Mark Zuckerberg recently wrote a 3,000-word manifesto on his “privacy-focused strategy” for the company.
All well and good but it’s going to take a whole lot more than a manifesto to gain (and regain) people’s trust.