Oops! Facebook down again in security.
The social network website Facebook have billion of members, but in terms of security it down day by day. Today the company VP engineer unveiled that Facebook stored passwords for hundreds of million users in plain text.
According to sources, in between 200 to 600 million Facebook users might have account passwords stored in plain text.
In an interview with KrebsOnSecurity, Facebook software engineer Scott Renfro said the company wasn’t ready to talk about specific numbers — such as the number of Facebook employees who could have accessed the data.
Renfro said the company planned to alert affected Facebook users, but that no password resets would be required.
“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data,” Renfro said. “In this situation what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”
According to Pedro Canahuati, VP Engineering, Security and Privacy, said in blog post.
As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution, we will be notifying everyone whose passwords we have found were stored in this way.
To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity.
Securing Your Account
- You need to change your Facebook and Instagram Password.
- Always pick unique passwords for all your accounts.
- Enable a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, FB will ask for a security code or to tap your security key to verify that it is you.