Yet another Facebook incident has shaken up the internet. Users around the world are advised to change their passwords after Krebs on Security learned that hundreds of millions of users’ unencrypted login credentials were exposed. This has been going on for years, so theoretically, any hacker who could gain access to the text could easily get into users’ accounts.
Any database, especially one run by a massive tech giant such as Facebook, should store user passwords only in hashed form: hashing is a one-way process that turns each password into a seemingly random string of characters and numbers. This latest Facebook incident stems from apps built by the social network’s employees that logged password data in plain text and stored it on internal company servers. It’s estimated that 20,000 Facebook employees had access to the unencrypted passwords.
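To make the two controls above concrete, here is an added example (not code from Facebook or from Krebs on Security) that stores only a salted password hash and scrubs password fields from log lines before they are written. The key names, the logger name and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import io
import logging
import os
import re

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor assumed for this example
# Key names are assumptions; list the credential fields your app really uses.
SENSITIVE = r"password|passwd|pwd"
_PAIR = re.compile(
    r"""(["']?\b(?:%s)["']?\s*[=:]\s*)("[^"]*"|'[^']*'|[^\s&,;}]+)""" % SENSITIVE,
    re.IGNORECASE,
)

def redact(text):
    return _PAIR.sub(r"\1[REDACTED]", text)  # keep the key, drop the value

class RedactingFilter(logging.Filter):
    """Scrub credentials from every record before a handler writes it."""
    def filter(self, record):
        record.msg = redact(record.getMessage())  # format first, then scrub
        record.args = ()
        return True

def hash_password(password, salt=None):
    """Return (salt, digest); these are the only values that get stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def logged_output(message, *args):
    """Log one line through the filter; return what reached the sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("auth-demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.info(message, *args)
    return sink.getvalue().strip()

if __name__ == "__main__":  # constructed sample input, not real log data
    print(logged_output("login user=%s password=%s", "alice", "hunter2"))
    salt, digest = hash_password("hunter2")
    print(verify_password("hunter2", salt, digest))
```

Pattern-based redaction is a safety net for fields that slip into logs; the primary control is not passing credential values to logging calls at all.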
According to Krebs, 200 million to 600 million users are affected by the latest Facebook incident. Krebs learned about it from an unnamed source at the company. Although Facebook did confirm the issue, it apparently did so after damage could already have been done. In a post titled “Keeping Passwords Secure,” Facebook confirmed that the issue occurred and admitted to being aware of it since its January security review. The company said the issue is now fixed and that all affected users will be notified.
What’s particularly concerning about this Facebook incident is that the tech giant seems to have chosen not to reveal the issue until after it was flagged by an outside source. A spokesperson said there is no evidence suggesting the plain text passwords were exposed outside the company or abused internally. In fact, users won’t even be required to change their passwords. However, given the nature of the problem, changing passwords is the best thing users can do after a security flaw like this. The company further said it was mostly Facebook Lite users who were exposed. Hundreds of millions of Facebook Lite users were affected, while tens of millions of users of the company’s other apps, including Instagram, were affected.
Even though the company believes no one abused the passwords internally, at least 2,000 employees apparently looked through the files that contained the passwords. It’s still not clear why they did so.
This Facebook incident is far from the first major security flaw at the social network. In October, a security flaw exposed 29 million accounts to hackers, making it the worst Facebook data breach ever. Just last week, Facebook’s trio of apps experienced a major outage which lasted for hours. Many suggested it looked like a cyber-attack rather than a regular outage, although the company denied those claims. Most importantly, no one can forget the Cambridge Analytica data privacy scandal.