Facebook on Wednesday disclosed a critical flaw on its social networking platform that exposed millions of users' passwords to its employees. The company said the passwords were stored in plain text on its internal servers. Facebook said it has now fixed the glitch.
Facebook said in a blog post that it discovered the passwords in “readable format” during a routine security review in January. The social media giant also gave assurances that the passwords did not leak outside the company and were not misused in any way. It is also not clear how long the passwords were out in the open.
Affected users
Facebook’s security flaw exposed the passwords of millions of users. This primarily affected “hundreds of millions” of Facebook Lite users, “tens of millions” of Facebook users, and also “tens of thousands” of Instagram users. Instagram users who log in to the app through Facebook are likely to be affected.
Here’s what you need to do
Facebook will alert users who were affected by this security flaw. It also urges all users to change their Facebook and Instagram passwords immediately, whether or not they were affected.
“Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Paul Ducklin, a senior technologist at Sophos, said.
Facebook users are also advised to use two-factor authentication (2FA) for better security. 2FA requires a security code which will be sent to the registered phone number of the Facebook user.
Those who do not wish to share their phone number can use third-party authentication apps like Google Authenticator. These apps generate a security code every time you log in to Facebook.


Source: hindustantimes.com