This week, the Facebook Newsroom posted an article which stated that some passwords were accidentally being stored in a readable format. They discovered this during a routine security review that Facebook performs every January.
How Facebook secures passwords and what went wrong
Facebook secures your password using techniques that make them unreadable. They secure each password and irreversibly replace them by random characters. This way, the people who work at Facebook are unable to find out other people’s passwords and possibly abuse this information. But because of faults in the system, some passwords were stored in a readable format. Luckily, no one outside the company was able to gain access to the improperly stored passwords. Facebook also stresses that there is no evidence of employees abusing the revealed passwords.
Facebook has since fixed the issues of the system. They will be notifying all the people whose passwords have been revealed. “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.” Pedro Canahuati (VP Engineering, Security and Privacy) explains. The intention of these notifications is that people who reuse passwords on many different websites can change them. This way – if an employee did abuse the revealed information – you won’t get hacked on multiple websites.
Facebook gives you a few tips on how to keep your account secure. First of all, you can change your password in ‘settings’ on both Facebook and Instagram. Do this if you have the same password for multiple websites. It’s best to have a different password for each website and account. Secondly, you should choose strong, difficult passwords. And thirdly, Facebook suggests using a security key two-factor authentication.
Keep up with all the latest privacy news on our blog!