Facebook just can’t catch a break at the moment. As recently as yesterday, the social media giant suffered yet another setback. A glitch, or so Facebook wants us to believe, made hundreds of millions of users’ passwords appear in plain text to Facebook employees.
Facebook immediately put up a blog post on its Newsroom for damage control and claimed that “these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” It also said that the issue has now been fixed but, as a precaution, the company will be notifying everyone whose passwords were exposed.
The number of users whose passwords had been compromised ranges from nearly 200 million to 600 million, said the report. The breach came to light after a senior Facebook employee familiar with the matter came forward on the condition of anonymity.
The cybersecurity blog states that the anonymous Facebook insider revealed that access logs of some 2,000 Facebook employees showed that nearly nine million internal queries were made for data elements that contained plain text user passwords.
Facebook said that it will be notifying hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.
Facebook Lite, which is a lighter version of the main Facebook app, is designed for areas with poor connectivity and for phones which have low-end specs. It would appear that users of Facebook Lite are the ones that have been affected the most.
Facebook software engineer Scott Renfro said in an interview with KrebsOnSecurity that Facebook first came to know about this situation back in January, when security engineers reviewing some new code saw passwords being logged in plain text.
“We have a bunch of controls in place to try to mitigate these problems, and we’re in the process of investigating long-term infrastructure changes to prevent this going forward,” Renfro told KrebsOnSecurity. He has said that no Facebook password resets would be required.
How to change your Facebook password
On its blog, Facebook has explained in detail what it is doing to protect your passwords, which includes a variety of signals to detect suspicious activity, introducing a physical security key to your account, two-factor authentication and more. Here’s a small guide on how to change your password.
Go to Settings -> Security and Login -> Change Password
For iOS and Android
Settings & Privacy -> Settings -> Security and Login -> Change Password
Settings -> Privacy and Security -> Password