Facebook has found a flaw in its systems that stored user passwords in plain text. That means anyone with access to the compromised database could see users’ passwords. Eek.
According to a blog post by Facebook, this vulnerability affected between 200 million and 600 million users across three platforms — “hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram users”.
It’s safe to say you’d better go ahead and change your Facebook password now. Because of this flaw, nearly 20,000 Facebook employees had access to the plaintext passwords of the affected users. Facebook claims that no one actually misused the information in any way… but we’re disinclined to trust Facebook given its track record.
Facebook has initiated an internal investigation, but hasn’t started informing users to change their passwords. The social network says it will inform users who have been affected, but bizarrely it’s not forcing users to change their passwords to prevent any future abuse.
Change your Facebook password, like, now
So, our advice is to change your password (like rn) even if Facebook hasn’t notified you to do so. Also, look into getting a password manager (we like LastPass), which will enable you to create and use more secure passwords that you don’t need to remember.
To change your password on Facebook (desktop), go to Settings – Security and Login – Change Password. If you’re using Facebook for iOS or Android (mobile), go to Settings & Privacy – Settings – Security and Login – Change Password. On Facebook Lite for Android, go to Settings – Security and Login – Change Password.
On Instagram, you can go to Settings – Privacy and Security – Password to change your password.
Earlier this month, Facebook CEO Mark Zuckerberg published a blog post about Facebook’s future focus on user privacy. This isn’t a great start, and we’re not feeling confident in its privacy-focused endeavours.