Facebook has stored millions of passwords in plain text. Here's how to change yours


If you are concerned about online security, you may have already reconsidered your relationship with Facebook. The social networking giant has earned a reputation for manipulating user data and making it vulnerable to hacking. Now there is a new reason to reevaluate your profile: as reported by KrebsOnSecurity, Facebook stores passwords in plain text since 2012, which means that they were easily readable and searchable for years for those with access to the internal functions of Facebook. All users must change their passwords as soon as possible.

Over the last seven years, between 200 and 600 million users have seen their password made vulnerable by the security breach. Passwords were saved in Facebook's internal password management system in plain text without decryption. According to Facebook, "hundreds of millions of Facebook Lite [its app for low-power-usage devices] users, tens of millions of additional users on Facebook and tens of thousands of Instagram users "were affected.

Technology companies normally encrypt the passwords of the users they store in their databases. Without encryption, anyone with access to these files can read this sensitive information without encountering any obstacles. Facebook's security problem left passwords open up to 20,000 company employees. According to KrebsOnSecurity, "the access logs indicated that 2,000 engineers or developers had made about 9 million internal queries about data items containing plain text user passwords."

Facebook claims to have solved the problem and is considering contacting all affected users. Because nothing indicates that passwords have been disclosed or manipulated, the company will not ask users to change their passwords. But given Facebook's reputation for security, all users should probably change their password as a precaution.

To change your Facebook password, go to Settings then Security & Login. Go to the Change password option under Login and select Edit. From there, you can set a new password after entering your current password. Here are some tips for developing a strong password.

[h/t KrebsOnSecurity]


Source link