In an official statement, the Malaysian Communications and Multimedia Commission (MCMC) urges Facebook and Instagram users to change their passwords immediately if they have received security notifications from Facebook. Last week, Facebook admitted that it found millions of user passwords were being stored in a readable plain text format within its data storage systems.
Cybersecurity reporter Brian Krebs of KrebsOnSecurity reported that potentially some 600 million user passwords were stored in plain text and searchable by Facebook’s 20,000 employees, with some cases going back as far as 2012.
Facebook’s login systems are supposed to mask passwords. This security flaw has since been fixed. Facebook’s VP of engineering, security and privacy, Pedro Canahuati, explained that these passwords were never visible to anyone outside of the social platform; the company has found no evidence of anyone internally abusing or improperly accessing the data, to date.
Facebook estimates that it will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and thousands of Instagram users.
If you’re a Facebook or Instagram user (or both), it is advisable to change your passwords regardless of whether you receive Facebook security notifications.
MCMC also warns users to be wary of fake emails and potential phishing scams taking advantage of the situation. Users are advised not to click on links in emails from suspicious sources.
Here’s what you can do to secure your account:
- Change your Facebook and Instagram passwords. Avoid reusing passwords across different services.
- Make sure you use a secure, strong password (a mix of letters, numbers, capitalisation and symbols). A password manager app may also help.
- Enable a security key or two-factor authentication to protect your Facebook account using codes from a third-party authentication app like Google Authenticator or LastPass.