TechEngage

Technology news and opinions

Security, Social Networks

Latest Facebook security snafu means we should all go change our passwords

Avatar for Rizwan Anwar Updated: January 11, 2020

A photo of iPhone X in hands of a female with Facebook login screen open

Facebook issued an important statement about account security from their Newsroom yesterday.

It turns out that the company discovered back in January that “some user passwords were being stored in a readable format within our internal data storage systems.” Hundreds of millions of users may have been affected, though the company wasn’t forthcoming with the exact number of passwords exposed. According to Wired, the company was forced to admit that the passwords were stored in a simple readable format that some Facebook employees could see following a report by the website Krebs on Security.

The company has confirmed that passwords from Facebook, Facebook Lite, and Instagram were exposed on the company’s internal servers. Facebook said it estimates that it will need to notify hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram users about the event.

Unlike the massive data breach in September 2018, this has not prompted Facebook to mandate password changes for users. The company instead offered some recommends to users for securing their accounts, including changing passwords (and not reusing old ones). It also suggested that users enable two-factor authentication, set strong and complex passwords, and use a security key.

The latter is highly recommended if you are a prominent figure or have a lot of sensitive data to protect. A security key is a physical device that plugs into the USB drive of a computer. Users can register a device with Facebook, which will use it to confirm their identity when they log in. This means that even if a password is compromised, a hacker would need access to the actual, physical key in order to access an account.

At the moment, there’s no way to know if your account password was among those exposed on the internal server, but it would be wise for all Facebook, Facebook Lite, and Instagram users to update their passwords, just in case.

It’s still unclear why Facebook waited 2 months to inform users of the news. Let’s hope the company is more forthcoming more quickly in the future.

This post was orginally published on: March 22, 2019 and was updated on: January 11, 2020.

Related Tags:

Related Stories

Reader Interactions

Join The Discussion:

Please read our comment policy before submitting your comment. Your email address will not be used or publish anywhere. You will only receive comment notifications if you opt to subscribe below.