Facebook is back with another security problem.
This time, it’s your actual passwords. The company reported yesterday that it stored millions of user passwords in plain text, without any hashing/encryption. That meant your passwords were in a readable format, allowing Facebook employees to know your exact password with simple database queries.
Facebook says the passwords were not accessed by anyone from outside the company, and that they haven’t been abused internally, either. That still doesn’t change the fact that user passwords were completely accessible to Facebook employees internally.
Facebook isn’t sharing exactly how many users were impacted, but security research site KrebsOnSecurity reports that between 200 and 600 million users were impacted. It seems the issue originated from Facebook’s Lite apps, a version of the company’s app that uses fewer resources. “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity,” the company said in a blog post.
Facebook insists the passwords weren’t exposed externally, and it “didn’t find any evidence of abuse” to date. So your account may not have been compromised, but the company will still notify affected users, suggesting that they change their passwords as a precaution.
Either way, with Facebook already going through so many privacy and security controversies, this just makes things worse. It’s almost like there’s a new Facebook security-related problem every other week, and with the company shifting its focus to protecting user data, this is not a good start.