If you’re still on Facebook (as there are a lot of people who said they’ve given up on it already), you might want to change your password again for the nth time. While the official statement is that it is nothing to really be concerned about, we beg to differ. The social network giant admits that they have stored hundreds of millions of passwords in a not-so-secure plain text document which can be potentially accessed by their employees.
Even with just that information, you would want to change our password right? But while Facebook will inform users whose passwords are involved, they will not be forcing a reset, unlike the previous security breach when they actually locked down accounts forcing users to change their passwords. “We want to make sure we’re reserving those steps and only force a password change in cases where there have definitely been signs of abuse,” Scott Renfro, Facebook software engineer says.
What happened was researcher Brian Krebs spotted the issue, showing that they were building apps and logging unencrypted password data and storing it in their company servers. This was just this January but upon further investigation, this has been happening since 2012 and may have affected hundreds of millions of users. Facebook, while admitting to this, has downplayed the problem.
They say that the data has not been visible to anyone outside of the company and they have not found any evidence that the data has been mishandled. But given all that we know about the company these past years or so, we need to err on the side of caution. It’s not that hard to change passwords anyway so just go ahead and do it to secure your account.