Uh-oh, says Facebook, it turns out millions of user passcodes were stored in plaint text on the social network’s servers. Facebook disclosed the mistake that risked exposing the passwords of Facebook and Instagram users in a new blog post called Keeping Passwords Secure — presumably the irony is not intentional.
Facebook says it discovered the mistake earlier this year:
The company goes on to say that no one outside of Facebook had access to user passwords, and to their knowledge, no one internally abused having access to exposed passwords stored in plaint text.
Don’t take Facebook’s word for it though. Always use a unique password for every account and never recycle the same password for two or more accounts. Password management software like 1Password and LastPass can help, or even Apple’s built-in iCloud Keychain feature … or as a last resort, a classic notebook with passwords that you update regularly. Just don’t leave it to memory and recycle a password. Why? There’s no way to know who else may be storing passcodes in plain text as well.
It’s also wise to enable two-factor authentication for your personal online accounts when possible. Facebook shares how to do that with its services below:
Finally, the social network says it will start alerting affected users about the security goof following today’s disclosure. As for how many people are affected, this is what the company offers:
Don’t wait for Facebook to tell you though. Use a unique password and change your Instagram and Facebook credentials anyway just to be safe.
