After the recent Facebook password leak, several users are confused about what happened to their passwords. Read on to learn about the recent Facebook password breach…
Recently, Facebook disclosed another major privacy issue on its platforms. Facebook revealed that millions of passwords of Facebook Lite and Facebook app users were stored in a ‘readable format’ in its internal systems. Most of the passwords found belonged to users of Facebook Lite — a smaller version of the Facebook app meant for low data usage. Passwords of a significant number of Instagram app users were also stored in the same way.
In an official blog post, Pedro Canahuati, VP Engineering – Security and Privacy at Facebook, stated that millions of user passwords were being stored in readable formats. This shocking admission comes days after the social media company’s Messenger application was found to have a security flaw that revealed user data.
However, Facebook’s blog post mentioned that problems with other information, such as access tokens, were resolved later. In the disclosure, Facebook said that it has implemented security measures for storing passwords from then on. As of now, Facebook has said that no security incidents have occurred due to this issue.
Canahuati explained that those ‘readable’ passwords were not visible to outsiders. “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” he wrote in the company statement.
Facebook said that it has boosted security measures for protecting all accounts on the platform. Furthermore, it has advised users to enable security keys or 2FA to secure their accounts from external attacks.
Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons — like two-factor authentication (2FA) — for things like advertising and making users searchable by their phone numbers across its different platforms.
After the password breach, Facebook and cyber-security experts are urging users to change their passwords and turn on two-factor authentication (2FA). Using two-factor authentication would mean that a password alone is not enough for cyber-crooks to compromise your account.
Another security measure users can implement to strengthen their digital security practice is to use different passwords for different online accounts. It is strictly advised not to use your Facebook password for any other login, particularly for personal / professional email accounts or online banking.
A breach of this magnitude, covering more than a quarter of Facebook’s entire user base over almost half its existence as a company, suggests internal security controls and sensitive data auditing are essentially non-existent at the company. More to the point, it reminds us just how little Facebook cares about its users and their most sensitive data.
Facebook has skilled cyber-security professionals when it comes to its own systems. It is crucial to note that Facebook’s never-ending stream of security breaches has almost always involved its public interfaces, rather than remote hackers penetrating its networks and exfiltrating its databases.
It is even more important to note that almost all of Facebook’s security breaches to date have involved the data of its users and not Facebook’s own data.