Approximately 200 to 600 million Facebook users are affected

Mar 21, 2019 17:35 GMT  ·  By

To the surprise of no one, Facebook revealed today that it had stored hundreds of millions of users' passwords in plain text, readable by roughly 20,000 company employees.

In a blog post published today, Facebook said that during a routine security review in January 2019 it discovered that hundreds of millions of users' passwords had been stored in plain text in one of its internal data storage systems. The passwords were accessible to approximately 20,000 Facebook employees, though Facebook says they were never accessible to anyone outside the company.
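For readers wondering what "stored in plain text" means in practice: a credential store should never hold the password itself, only a per-user random salt and a slow, memory-hard hash of it, so that anyone who can read the store (an employee, a backup, a log scraper) still cannot recover the password. The following is an added illustration written for this article, not code from Facebook or from its blog post; the in-memory store, usernames, passwords and the scrypt parameters (N=2^14, r=8, p=1, 32-byte output) are all assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# scrypt work factors (assumed for this example; tune per deployment).
# Memory use is 128 * r * N bytes, i.e. 16 MiB here.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> Dict[str, bytes]:
    """Return the record a credential store should keep: random salt + scrypt hash.

    The plaintext password is not part of the returned record.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh per user, so equal passwords hash differently
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return {"salt": salt, "hash": digest}


def verify_password(password: str, record: Dict[str, bytes]) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=record["salt"],
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return hmac.compare_digest(candidate, record["hash"])


class CredentialStore:
    """Constructed in-memory store: what an insider with read access would see."""

    def __init__(self) -> None:
        self._records: Dict[str, Dict[str, bytes]] = {}

    def register(self, username: str, password: str) -> None:
        self._records[username] = hash_password(password)

    def login(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            # Burn the same cost as a real check so missing users are not
            # distinguishable from wrong passwords by timing.
            hash_password(password, salt=b"\x00" * 16)
            return False
        return verify_password(password, record)

    def dump(self, username: str) -> Dict[str, bytes]:
        """What an internal reader gets: salt and hash, never the password."""
        return dict(self._records[username])


def demo() -> Dict[str, object]:
    """Build a small store with constructed users and return observable facts."""
    store = CredentialStore()
    store.register("alice", "correct horse battery staple")  # constructed sample
    store.register("bob", "correct horse battery staple")    # same password as alice
    a, b = store.dump("alice"), store.dump("bob")
    return {
        "alice_ok": store.login("alice", "correct horse battery staple"),
        "alice_wrong": store.login("alice", "Correct horse battery staple"),
        "unknown_user": store.login("mallory", "anything"),
        # Salting means identical passwords leave no visible equality in the store.
        "same_password_same_hash": a["hash"] == b["hash"],
        "plaintext_present": b"correct horse" in a["salt"] + a["hash"],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the `dump` method is the contrast with the incident described above: with this layout, the 20,000 employees who could read the store would see only salts and hashes, and recovering a password would require a guessing attack at scrypt cost per guess rather than a lookup.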

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users," said Pedro Canahuati, VP Engineering, Security and Privacy.

Passwords weren't exposed externally, but change your passwords anyway

Facebook has fixed the problem and said it will begin notifying up to 600 million Facebook Lite, Facebook, and Instagram users whose passwords were exposed to the company's employees. The social media giant continues to maintain that no passwords were exposed to anyone outside Facebook and that, at the time of writing, it has found no evidence of abuse.

Even so, Facebook advises users to change their Facebook and Instagram passwords as soon as possible, especially if they reuse those passwords on other accounts. When changing your password, pick a long, unique one and enable two-factor authentication wherever it is offered. Facebook said it is taking measures to prevent similar incidents in the future.

SMS-based two-factor authentication is vulnerable to phone-number hijacking: an attacker who persuades your mobile carrier to move your number to a SIM card they control (a SIM swap) will receive the security codes Facebook sends by text. It is therefore better to use codes generated by a third-party authenticator app. Facebook also supports hardware security keys, which protect your account with a simple touch.