Yet another disaster for Facebook. It was revealed recently during a “routine security review” that hundreds of millions of Facebook users' passwords were stored unencrypted (in a “readable format”) on its servers, meaning they were accessible to 20,000 internal Facebook employees. This is clearly a security risk and a concern for Facebook users.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” “There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” Canahuati wrote.
“In total, between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees, dating back to 2012,” Krebs wrote.
According to Facebook, the affected users have been notified to change their passwords.
What does this mean for you? Even if Facebook is claiming that there was no risk, if you are notified, make sure you change your password.
Sources: Facebook passwords for hundreds of millions of users were exposed to Facebook employees, Facebook employees had access to private passwords for hundreds of millions of people, Keeping Passwords Secure