According to a report by Krebs on Security, and later confirmed by Facebook, the social network giant stored the passwords of between 200 million and 600 million Facebook, Facebook Lite, and Instagram users in plain text on internal company servers.

Plain Text Problems

Discovered during a “routine security review,” Facebook claims that these passwords were never visible to anyone outside of the company, and that thus far they have found no evidence that indicates that any employee inappropriately accessed them. While no evidence of abuse has currently been found, at least 2,000 Facebook employees searched through the files containing passwords, though it’s not clear as to why.

Facebook has stated that their login systems are designed to mask (“hash” and “salt”) user passwords, and the reported password logging bug has been fixed.

Password Security with RoboForm

If you suspect or are notified by Facebook that your account may have been affected, there are steps you can take.

  1. First and foremost, change your password in your settings on Facebook and Instagram, and on any other sites where it is being used.
  2. If you’re not currently using a password manager, install RoboForm. Available as a free  with little to no effort, RoboForm can significantly secure your digital life.
  3. Use strong and unique passwords across every site. RoboForm’s random password generator quickly and easily generates passwords with the click of a button.
  4. Evaluate your security score. RoboForm’s Security Center feature evaluates the strength of your existing passwords and ensures duplications do not occur across various sites.
  5. Enable two-factor authentication. RoboForm and Facebook both offer an added layer of protection with 2FA.
  6. Learn more about RoboForm Security.

As our lives become increasingly digital, errors and investigations such as these will continue to crop up. By taking small precautions, you can significantly protect your privacy.

 

Posted by Simon Davis

Simon Davis is the VP of Marketing for RoboForm.