Just when you think all the Facebook BS is winding down, they go on to prove, yet again, that the privacy and security of their user base means rather little to them. Facebook revealed yesterday that they kept a copy of passwords for "hundreds of millions" of users in PlainText.
What does this mean for you? Luckily, not much at this point. If you were one of the affected users, your password was readable by the Facebook engineers that have access to the database servers. Facebook's vice president of engineering, Pedro Canahuati, said that an internal investigation found no evidence that the passwords were visible by anyone outside of Facebook, and further that no evidence was found of Facebook employees abusing the access to the passwords.
"To be clear, these passwords were never visible to anyone outside of Facebook, and we have found no evidence to date that anyone internally abused or improperly accessed them," said Canahuati.
Facebook has not released which component or application had the programming error, nor the exact number of users affected. However, they will be reaching out to the "hundreds of millions of affected Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users."
While Facebook have fixed the issue, it is recommended that you change your passwords to Facebook and Instagram immediately.
Being an engineer myself, and working at the largest MSP in New England, this type of neglect really grinds my gears. This is yet another security incident for a company that has a terrible track record in that regard. Let's not forget that just last year, in October, Facebook announced its worst security breach in company history that allowed hackers to successfully steal "secret access tokens" and access personal information for over 29 million users.
There are things that you can do to help increase the security of your personal information. Little things you can do that make a huge impact. I do these things myself.
Enable two-factor authentication. For information and instructions on how to enable two-factor authentication, click here.