Go change your Facebook password right now because it could be compromised.
The social media company admitted in a blog post on Thursday that it has stored “hundreds of millions” of account passwords in plaintext for years. This essentially left passwords open to anyone working at Facebook that happened to have access to the information.
“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” says Pedro Canahuati, VP of Engineering for Facebook Security and Privacy in the aforementioned blog post.
Logs were accessible to around 2,000 engineers and developers. This was discovered in January, but the security lapse is only being admitted to months later. According to cybersecurity reporter Brian Krebs, this issue can be dated back as far as 2012. Why it took this long to openly address the concern is unknown.
As far as they know, no passwords were exposed externally and they couldn’t find any evidence of abuse, but it’s always better to be safe than sorry.
How to secure your account
- Change your password in your settings on Facebook and Instagram. Avoid reusing passwords across different services and try to change your passwords often.
- Pick strong and complex passwords for all your accounts. Password manager apps can help.
- Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you.