If you woke up this morning and thought to yourself, “Hey, it’s been a minute since I last heard about Facebook security issues affecting millions of users in scary ways,” then have we got some news for you. Turns out, Facebook’s internal servers were storing millions of plain-text, unencrypted user passwords. Yikes!
Facebook announced its findings in a security blog post today. According to the post, Facebook security researchers found out about the problem during a routine test in January. It’s not clear why the company is only announcing its findings today.
Thankfully, Facebook says there is no evidence this security breach was exploited by any nefarious individuals. Instead, it seems the passwords were exposed only on Facebook’s internal servers, which means only Facebook employees could see the unencrypted passwords. However, the company will be encouraging the millions of affected users to change their passwords anyway, just to be safe.
Facebook estimates it will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users about the security issue.
In light of these findings, Facebook is now looking at other ways it can store information related to its users, including things like access tokens. It has been fixing problems as it comes across them during these investigative sessions.
It would be a good idea to change your Facebook password soon, even if you weren’t affected by this security snafu. Or, alternatively, you could delete your Facebook profile.