Facebook isn’t exactly well known for having the best security practices and now, another blunder has surfaced.
On Thursday, a report from Krebs on Security revealed the company had stored hundreds of millions of users’ passwords for Facebook, Facebook Lite, and Instagram in plain text, making user passwords accessible to thousands of Facebook employees.
Usually, passwords are encrypted when they’re stored through a process called hashing, but Facebook had a “series of security failures” that left people’s password information wide open, according to the Krebs report.
Pedro Canahuati, Facebook’sVP of Engineering, Security, and Privacy, confirmed the breach in a blog titled “Keeping Passwords Secure”, writing, “As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems.”
This may not seem like a big deal, because the company said there’s no sign that the passwords were visible to anyone outside of Facebook. However, this just proves, again, that Facebook’s security is subpar.
For example, in November of 2018, private messages from 81,000 users were put up for sale, as reported by The Verge. And Facebook is still facing repercussions for the Cambridge Analytica scandal that resulted in Mark Zuckerberg testifying before Congress.
Facebook is notifying all the people who were affected. According to Krebs, that’s between 200 and 600 million users. The company isn’t forcing anyone to change their passwords, but you should, even if you aren’t notified.
There’s no sign of abuse, but it’s better to protect your account than to take any chances.