Facebook passwords stored in plaintext – change it now

Have you changed your Facebook & Instagram password lately? If not, it’s time to do so now. News has gone viral that Facebook stored millions of passwords in plain text, leaving them readily accessible to thousands of its employees for a long time.

Krebs on Security got hold of a Facebook employee and here are the basics:

  • Facebook employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.
  • So far, it’s estimated that between 200 and 600 million Facebook users had their account passwords stored in plain text and searchable by Facebook employees.

For services like Facebook, storing user account passwords securely is basic practice: passwords are scrambled using cryptography (hashing) and only then stored on the service’s servers. Once hashed, the passwords are virtually impossible to crack even with a powerful computer.

What Facebook discovered is that passwords were stored without being scrambled or hashed. This is like typing your Facebook account password into a text file using Notepad, naming the file ‘FACEBOOK PASSWORD’, then saving it in a shared folder. For an offline comparison, it’s like writing down your Facebook password on a sticky note and putting it on the fridge door.
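The two safeguards described above, sketched as an added example (not code from Facebook or from the original post): passwords are stored only as salted scrypt hashes, and a logging filter scrubs password fields before an internal application can write them to a log. The scrypt parameters, the field names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import os
import re

# scrypt cost parameters: assumed values for this example, tune for your hardware.
N, R, P, DKLEN, SALT_LEN = 2**14, 8, 1, 32, 16

def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=R, p=P, dklen=DKLEN)

def hash_password(password: str) -> bytes:
    """Return salt || scrypt digest. This is the only form that gets stored."""
    salt = os.urandom(SALT_LEN)  # per-user salt: equal passwords give different records
    return salt + _scrypt(password, salt)

def verify_password(password: str, stored: bytes) -> bool:
    """Re-derive the digest from the login attempt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    return hmac.compare_digest(_scrypt(password, salt), digest)

# Hypothetical field names; extend to whatever your own applications log.
# Unquoted values are matched only up to the first whitespace character.
_SECRET = re.compile(r'("?(?:password|passwd|pwd)"?\s*[=:]\s*)("[^"]*"|\S+)', re.IGNORECASE)

def redact(text: str) -> str:
    """Replace the value of any password-like field with a fixed marker."""
    return _SECRET.sub(r"\1[REDACTED]", text)

class RedactPasswords(logging.Filter):
    """Scrub password values from a record before any handler writes it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), ()
        return True

if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactPasswords())
    log = logging.getLogger("login")
    log.addHandler(handler)
    # Constructed sample values, not real credentials.
    stored = hash_password("hunter2-constructed")
    log.warning("login user=%s password=%s", "alice", "hunter2-constructed")
    print(verify_password("hunter2-constructed", stored))
    print(verify_password("Hunter2-constructed", stored))
```

The filter is a backstop for mistakes; the primary control is that application code never passes the password to a log call in the first place.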

Fortunately, for now, Facebook has found no indication that the passwords were abused by its employees or accessed from outside its network. Either way, the best thing to do now is change your Facebook and Instagram passwords. And for goodness’ sake, don’t save them on your computer or device. Use a password manager app if you’re having trouble remembering your password for each social media account.

Remember, it’s better to be safe than sorry.

Featured image by Mark Burnett
