Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for “hundreds of millions” of users in plaintext.
What’s more? It is not just Facebook: Instagram users are also affected by the latest security incident.
So, if you are one of the affected users, your Facebook or Instagram password was readable to some of the Facebook engineers who have internal access to the servers and the database.
Though the social media company did not mention exactly which component or application on its website had the programming error that caused the issue, it did reveal that it discovered the security blunder in January this year during a routine security check.
In a blog post published today, Facebook’s vice president of engineering Pedro Canahuati said an internal investigation of the incident found no evidence that any Facebook employee abused those passwords.
“To be clear, these passwords were never visible to anyone outside of Facebook, and we have found no evidence to date that anyone internally abused or improperly accessed them,” Canahuati said.
Canahuati didn’t mention the exact number of users affected by the glitch, but confirmed that the company would start notifying its “hundreds of millions of affected Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
Facebook has now fixed the issue and recommended that users change their Facebook and Instagram passwords immediately.
“In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them.”
Besides this, all Facebook and Instagram users are strongly advised to enable two-factor authentication and the login alert feature, and to use a physical security key, to protect their accounts from cyber attacks.
This is yet another security incident for Facebook. In October last year, Facebook announced its worst-ever security breach that allowed hackers to successfully steal secret access tokens and access personal information from 29 million Facebook accounts.