Facebook has accidentally stored millions of user passwords in plain text since 2012!
Facebook is once again the focus of a new data protection controversy: the passwords of “hundreds of millions” of users were stored in plain text. This time, Instagram users are also affected by the latest security incident. A total of 200 to 600 million Facebook and Instagram users could be affected.
Although the social media company did not specify which component or application on its website caused the error, Facebook announced that the company discovered the security flaw during a routine security check in January of this year.
In a blog post published on March 21, Pedro Canahuati, Vice President of Engineering at Facebook, said that an internal investigation into the incident found no evidence that Facebook employees had misused these passwords. However, about 20,000 employees had access to the passwords! The passwords stored in plain text were allegedly not visible to anyone outside the company.
Canahuati did not mention the exact number of users affected by the incident, but confirmed that the company would immediately begin notifying “hundreds of millions of affected Facebook Lite users, tens of thousands of other Facebook users, and tens of thousands of Instagram users.”
Facebook has fixed the problem and now recommends changing Facebook and Instagram passwords immediately.
In addition, all Facebook and Instagram users will continue to be strongly encouraged to use two-factor authentication and login alerts. It is also recommended to use secure VPN software and a password manager.
This incident confirms once more: Use an individual password for each service and for each website! Please also note our tips for secure passwords…
This is yet another security incident at Facebook. In October last year, Facebook had to admit that hackers were able to access personal data from 29 million Facebook accounts using secret access tokens.
Facebook is not the only company to have stored hundreds of millions of its users' passwords in plain text. Twitter also had to admit a similar security incident last year: it unintentionally stored the passwords of around 330 million users as plain text on an internal computer system.