Facebook Stored Millions of User Passwords in Plaintext.

Last updated on June 23, 2020

In a press release today, Facebook said it discovered during a routine security review that hundreds of millions of users' passwords were stored in plain text. According to the press release, these passwords were visible only internally and were never visible outside of Facebook. Brian Krebs at KrebsOnSecurity and Motherboard.vice have both covered the mistake in depth, and their coverage deserves your attention for more detail.

What does this mean for the average Facebook user? Facebook will be notifying users soon. If you have a Facebook account, I suggest creating a new password and changing any reused passwords. It is never a good idea to reuse passwords because of situations such as this. Follow some traditional best practices such as:

  • Avoid reusing passwords.
  • Change passwords quarterly.
  • Use password managers to generate strong and random passwords.
  • Use passphrases instead of passwords if not using a password manager.

For some password security information, see my previous article found here.

“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.” 
― David Brin


