Earlier today we heard about yet another major security mishap: it was reported that the passwords of about 200-600 million Facebook users were stored on the social network in plain text, in a readable format. It was also confirmed that this flaw had existed for years and that the passwords were apparently searchable by thousands of employees working at Facebook.
The social network giant was quick to respond and said in a blog that as part of a routine security review in January, it found some user passwords were being stored in a readable format within its internal data storage systems. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution will be notifying everyone whose passwords we found stored this way," wrote Pedro Canahuati, VP Engineering, Security and Privacy at Facebook.
While Facebook has confirmed that the flaw has been fixed, one can never be too sure. In our opinion, little stands in the way of a determined hacker, who can easily slip through and obtain critical information about you, including your personal details, your location, your financial details and more.
John Shier, senior security advisor at Sophos says, “Despite the recent public struggles Facebook has had with respect to privacy and security, this incident is a little different. Authentication data is something that Facebook treats very seriously and has put in place many mechanisms, both externally and internally, to ensure that user credentials are safeguarded. While the details of the incident are still emerging, this is likely an accidental programming error that led to the logging of plain text credentials. That said, this should never have happened and Facebook needs to ensure that no user credentials or data were compromised as a result of this error. This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on 2-factor authentication.”
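As an added illustration that is not part of the original article and not Facebook's own code, the Python below shows the two controls the statements above refer to: persisting only a salted password hash, and masking credential fields before a login event is written to a log. It also includes a small defender-side audit over constructed log lines that flags any entry where a plaintext credential still slipped through. The field names, sample lines and function names are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Field names whose values must never reach a log line in clear text (assumed set).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "new_password", "token", "secret"}
PBKDF2_ROUNDS = 200_000

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; only this string is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    _, rounds, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def redact(event):
    """Recursively mask sensitive fields so the rest of the event remains loggable."""
    if isinstance(event, dict):
        return {k: ("[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)) for k, v in event.items()}
    if isinstance(event, list):
        return [redact(v) for v in event]
    return event

def log_line(event: dict) -> str:
    """What a hardened login handler writes: one JSON line with credentials masked."""
    return json.dumps(redact(event), sort_keys=True)

def find_plaintext_credentials(lines) -> list:
    """Audit existing log lines; return the 1-based numbers of entries still carrying an unmasked secret."""
    hits = []
    for number, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except ValueError:
            continue  # not a structured event; out of scope for this check
        if json.dumps(redact(event), sort_keys=True) != json.dumps(event, sort_keys=True):
            hits.append(number)
    return hits

# Constructed sample log: line 1 is what an unguarded "log the whole request" call would
# produce (the accidental-logging failure mode); line 2 is the same kind of event via log_line().
SAMPLE_LOG = [
    json.dumps({"event": "login", "user": "alice", "password": "hunter2"}),
    log_line({"event": "login", "user": "bob", "password": "correct horse"}),
]
```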