Facebook had stored millions of user passwords in plain text for years, the social media company confirmed on Thursday after a security researcher posted about the issue online.
Facebook says there is no evidence that employees had abused access to this data. The company says the passwords were stored on internal company servers, where no outsiders could access them. But the incident reveals a huge oversight for the company amid a slew of bruises and stumbles in the last couple of years.
The security blog KrebsOnSecurity says some 600 million Facebook users may have had their passwords stored in plain text. Facebook said in a blog post Thursday it will likely notify “hundreds of millions” of Facebook Lite users, millions of Facebook users and tens of thousands of Instagram users.
Securing Your Account
Facebook provided some steps you can take to keep your account secure:
- You can change your password in your settings on Facebook and Instagram. Avoid reusing passwords across different services.
- Pick strong and complex passwords for all your accounts. Password manager apps can help.
- Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third-party authentication app. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you.