Facebook revealed last night about a flaw that stores passwords. This flaw was found in January. Millions of user passwords are stored by Facebook in its systems in plain text. It simply means that anyone who has access to these passwords can easily read them without having to decrypt them. Such vulnerability can affect so many users. It affects Facebook Lite users in hundreds of millions of numbers, other Facebook users in tens of millions of numbers, and even Instagram users by tens of thousands of numbers.
As per Brian Krebs, a cybersecurity journalist, what is more shocking is that Facebook has been storing user passwords, in some instances, since 2012 without even securing them. The report says that about 20,000 employees of Facebook had access to these passwords on the plaintext, because of this flaw. The passwords of users between 200 to 600 million users were exposed. But, Krebs said that only 2,000 developers or engineers had raised queries about this issue. About nine million internal queries were raised by these developers or engineers about the data content having user passwords. A software engineer at Facebook, Scott Renfro, told Kerbs that Facebook hasn’t found an abuse of the flaw. It has notified their users about this flaw which will force the users to change their passwords as soon as possible.
Facebook informed that they have not yet found any case in their investigations so far, where any internal team member was intentionally looking for the user passwords. There are no signs of misuse of this vital information. If in any case, there is a sign of abuse, the company has made sure to take steps which force users to change their passwords in cases where signs of abuse have been seen. The social network is investigating this issue internally and at the same time, also baffling that it isn’t forcing its users to change passwords for prevention of future abuse. So, all the Facebook users should definitely change their passwords for security purposes and also enable two-factor authentication.