Millions Of Facebook, Instagram Passwords Found Stored In Plain Text On Company Servers, Time To Change Yours Again
It seems that Facebook just can’t catch a break right now nor can it go longer than a week or two without finding itself in headlines for all the wrong reasons, and that’s exactly what has happened here. See, it turns out that Facebook stored millions of user passwords in plain text, somewhere on its servers.
Facebook says that it risked passwords for both Facebook and Instagram users being used maliciously, although there doesn’t appear to be any suggestion that has happened so far.
As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.
The good news is that nobody outside of Facebook’s walls ever had access to the servers on which the passwords lived, although that’s only really good news if you’re sure you trust each and every one of Facebook’s employees.
Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you.
What we do know is that now would be a great time to reset your password for both Instagram and Facebook, just to be sure. That’s always a good rule of thumb if anything like this crops up, and given Facebook’s apparent lack of concern isn’t all that calming, we have no reason not to do the same right now, too.