Facebook announced today that during a “routine security review” in January they uncovered a huge security issue: Well over 200 million users’ passwords were being stored in a “readable format” – plaintext – within their data storage systems.
That wasn’t supposed to happen.
What does this mean?
When companies save your password, most of them do it in a safe way, especially if they are obligated to do so per agreements in place.
Companies encrypt passwords to prevent them from being stolen if there is a data breach, regardless of whether the attacker is internal or external.
A “plaintext” password is the actual password, just as you type it in. An encrypted version of that would be a scrambled-up, hashed version of that password, which makes it very difficult to figure out the real password even if the hashed version gets into the wrong hands.
Because the passwords were kept in plaintext, Facebook employees and engineers with access to its internal systems could see all of the passwords stored that way.
Facebook has also shared that some passwords had been saved like that for years. Yikes. This is extremely irresponsible on the part of Facebook.
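To make the difference concrete, here is an added example in Python (not Facebook's code and not part of the original article). It stores the same constructed sample password both ways and shows what someone with read access to the storage can see; the function names, the iteration count and the choice of PBKDF2 as the hashing method are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256 (assumed value for this example).
ITERATIONS = 600_000


def store_plaintext(db, user, password):
    """Unsafe pattern: the stored record is the password itself."""
    db[user] = password


def _derive(password, salt):
    # Slow, one-way derivation: cheap to check once, costly to guess in bulk.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store_hashed(db, user, password):
    """Safer pattern: keep only a random per-user salt and the derived hash."""
    salt = os.urandom(16)
    db[user] = (salt, _derive(password, salt))


def verify_hashed(db, user, attempt):
    """Re-derive the hash from the login attempt and compare in constant time."""
    if user not in db:
        return False
    salt, digest = db[user]
    return hmac.compare_digest(_derive(attempt, salt), digest)


def readable_passwords(db):
    """Passwords visible to anyone who can simply read the stored records."""
    return [record for record in db.values() if isinstance(record, str)]


if __name__ == "__main__":
    # Constructed sample data, not a real credential.
    plain, hashed = {}, {}
    store_plaintext(plain, "alice", "correct horse battery")
    store_hashed(hashed, "alice", "correct horse battery")
    store_hashed(hashed, "bob", "correct horse battery")

    print("Readable in plaintext store:", readable_passwords(plain))
    print("Readable in hashed store:  ", readable_passwords(hashed))
    print("Same password, same record?", hashed["alice"] == hashed["bob"])
    print("Login still works:", verify_hashed(hashed, "alice", "correct horse battery"))
```

The login check still works with the hashed store, yet the records themselves reveal nothing readable, and two people with the same password end up with different records because each gets its own random salt.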
Was your password compromised?
Everyone whose password was stored insecurely is going to be notified individually by Facebook.
We suggest you do not wait for the nudge from Facebook: proactively change your password now!
Whether you are notified or not, your information is at risk out there.
Do not use the same password across multiple sites.
If you ARE reusing certain passwords, change them all now.
Keep passwords complex and unique.
Since it’s tough to remember all your credentials all the time, find a password management tool to help you.
Looking for more resources for strengthening your password game?
Check out these resources:
3 Safest Ways To Keep Track Of Passwords
5 Core Tips For Choosing Strong Passwords
Not sure why your password is so important to protect?
Here: We put together plenty of reasons for you to consider.
We urge you to be conscientious about caring for your credentials and your online presence as a whole.
Your business and your people are connected. For help in being proactive about protecting your business and the people inside of it, get in touch with us!