Facebook has made another privacy and security misstep. The company confirmed on Thursday that its password management systems had a bug. As a result, millions of user passwords for Facebook, Facebook Lite and Instagram were stored as plain text.
What does it mean? Thousands of its employees could easily find and read them. What is worse is that even passwords created in 2012 were affected.
Pedro Canahuati, Facebook’s VP Engineering, Security and Privacy, stated:
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity.”
Typically, the company masks users’ passwords each time they create an account. In that way, no one in the company can see them.
Of course, security experts reprimanded Facebook. This controversy is the latest high-profile incident that involves Facebook’s users’ data.
Some of them stated that the social media giant is vital social infrastructure and has a responsibility to the public. It is time for the company to clean up its act.
With this latest misstep, it is difficult to trust the platform if it cannot handle the basics. Experts want Facebook to implement a security strategy adapted to the 21st century.
Companies can protect their users’ passwords through hashing, a cryptographic process applied before the passwords are saved to the servers. Doing so makes the passwords unreadable even if someone compromises the stored values. A computer will find it difficult to unscramble them.
Facebook has billions of users, and it knows that hackers want those passwords. It is investing in several strategies to avoid security catastrophes. But one defect can easily negate all the safeguards it has built.
The company is being proactive. However, this mishap is still a big deal.
Wired reported that those compromised passwords were not stored in one place. The issue also did not arise because of a single bug. Instead, Facebook “captured plaintext passwords across a variety of internal mechanisms and storage systems.” As a result, the problem is difficult to fix. In fact, it took months for the company to complete the examination before disclosing its findings.
It has been a year since the Cambridge Analytica scandal. Every year, Facebook faces constant issues, such as a record fine from the FTC and regulatory scrutiny in the US and Europe.
It also faced severe cybersecurity problems. Last year, a hack exposed private profile information for nearly 50 million Facebook users. Furthermore, the private photos of 6.8 million of its users were exposed without their permission.
Earlier in March, security and privacy experts revealed that the social media giant is using its users’ phone numbers for purposes other than security. That is, it is using that data for marketing and advertising.
Although no passwords were exposed externally, it is still a good idea to change your password and avoid reusing it across different services.