Facebook fails to protect hundreds of millions of passwords: how to change yours
Access codes were stored in plaintext and could have been seen by 20,000 staff
A server glitch has exposed hundreds of millions of user passwords to Facebook employees, a study has found.
Security researcher Brian Krebs wrote on his website Krebs On Security that a source at the social media firm claimed that the passwords were stored on internal servers in plaintext, meaning as readable, unencrypted text, and could be accessed by up to 20,000 Facebook staff.
The source told Krebs that an internal Facebook investigation indicates between 200 million and 600 million passwords were stored, none of which was protected by encryption, a technique that converts data into a scrambled form to prevent unauthorised parties from reading it.
According to The Guardian, most of the passwords stored on the servers came from Facebook Lite users, a version created for countries “where mobile data is unaffordable or unavailable”, but the leak also affects those who use the regular app.
In a statement, Facebook’s vice-president of security, Pedro Canahuati, said the passwords “were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them”.
Nevertheless, he said, the company estimates “that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users”.
Canahuati adds that the social media firm rectified the issues once it discovered them, but it will continue to investigate how it stores user information.
How to change your password
Although Facebook “isn’t initiating a reset” of everyone’s passwords, security experts often advise users to reset their login details in the event of a data breach, says Fortune.
One of the simplest ways to reset your access details is to select “forgot password” at the Facebook login screen, the news site says. This involves you resetting your password through a one-time link, which is sent by email.
Many people, however, have set their account up to automatically log them in as soon as they enter the app or visit the website.
For computer users, head to the downward-facing arrow in the top right-hand corner of the screen and select “Settings”, The Sun says. Then select “Security and Login” on the left-hand side of the screen and press “Change Password”.
On the Facebook app, press the three horizontal lines on the bottom right-hand corner and scroll down to “Settings and Privacy”. Once here, press “Settings”, followed by “Security and Login” and then “Change Password”.
It’s best to avoid simple passwords such as “12345678” as these can be easily guessed by cyber criminals. Instead, you should choose a password with a mix of numbers, letters and punctuation (if permitted) to create a code that only you would know.