Remember at the beginning of March when Facebook CEO, Mark Zuckerberg, talked about how he wanted to make Facebook a “privacy-focused platform”? Well, flash forward to last week, when Facebook announced they “found some user passwords were being stored in a readable format within [their] internal data storage systems”. Keep reading for everything you need to know about the latest Facebook mishap.
What was affected?
It is estimated that 200-600 million user passwords were stored in a plain text file on Facebook’s internal server, dating back to 2012. This means that instead of seeing a scrambled, unrecognizable version of a password, more than 20,000 Facebook employees could search and see your password in a readable format.
These passwords were never visible to people outside of Facebook. Facebook stated that they have “found no evidence to date that anyone internally abused or improperly accessed them”.
So although things could have been much worse, it’s still not great. If you are thinking that this seems like a basic mistake that shouldn’t have happened, well, you’d be right.
When did this happen?
Well, they realized it happened back in January, when Facebook did their routine security review. They only admitted to it on Thursday, though, nearly 3 months later.
They stated “this caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
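To show what storing a "scrambled" password instead of a readable one can look like, here is an added example that is not Facebook's code and not part of the original article. It assumes a salted scrypt hash as the masking technique; the function names, cost parameters, record format and sample accounts are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for illustration; tune them for real hardware.
N, R, P = 2**14, 8, 1

def _scrypt(password: str, salt: bytes, n: int, r: int, p: int, dklen: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=dklen)

def hash_password(password: str) -> str:
    """Return the record to store: parameters, random salt and digest, never the password."""
    salt = os.urandom(16)
    digest = _scrypt(password, salt, N, R, P, 32)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"

def parse_record(record: str):
    """Split a stored record into (n, r, p, salt, digest); raise ValueError if malformed."""
    scheme, n, r, p, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        raise ValueError("unknown scheme")
    salt, digest = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    if len(salt) < 16 or len(digest) < 32:
        raise ValueError("salt or digest too short")
    return int(n), int(r), int(p), salt, digest

def verify_password(password: str, record: str) -> bool:
    """Re-derive the digest from the login attempt and compare in constant time."""
    try:
        n, r, p, salt, digest = parse_record(record)
        candidate = _scrypt(password, salt, n, r, p, len(digest))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, digest)

def find_readable_records(store: dict) -> list:
    """Audit helper: list accounts whose stored value is not a well-formed hash record."""
    flagged = []
    for user, record in store.items():
        try:
            parse_record(record)
        except ValueError:
            flagged.append(user)
    return sorted(flagged)

if __name__ == "__main__":
    # Constructed sample data: one hashed record, one value left in readable form.
    store = {"alice": hash_password("correct horse battery staple"), "bob": "hunter2"}
    print(store["alice"])
    print(find_readable_records(store))
```

A login check only ever needs `verify_password`, so nothing in the system has a reason to keep the readable password after the request is handled.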
What should you do?
Although Facebook said they’ll contact users who were affected, we’d still recommend you change your Facebook password right away. Why not? You can never be too careful when it comes to your privacy.
Like we’ve mentioned in the past, if you can, it’s always a good idea to turn on two-factor authentication. This means even if someone has your password, they’ll still need a second code/authentication to get into your account. Usually this is a code sent to your phone, or generated somewhere else that you’ll need to input.