After a report revealed around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees, cyber security experts are urging users to change their passwords and turn on the two-factor authentication (2FA).
So far the inquiry has uncovered archives with plain text user passwords dating back to 2012, according to the report published this week by KrebsOnSecurity, a blog run by journalist Brian Krebs.
Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way.
"It's perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands then you can expect them to be abused," said Paul Ducklin, Senior Technologist at global cyber security firm Sophos.
"Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed," Ducklin added.
Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords.
"While the details of the incident are still emerging, this is likely an accidental programming error that led to the logging of plain text credentials. That said, this should never have happened and Facebook needs to ensure that no user credentials or data were compromised as a result of this error," said John Shier, Senior Security Advisor at Sophos.
"This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on two-factor authentication (2FA)," Shier said.
Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added.
Facebook also asked people to change their passwords "out of an abundance of caution".
Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons -- like two-factor authentication (2FA) -- for things like advertising and making users searchable by their phone numbers across its different platforms.
"Another security measure users can implement to strengthen their digital security postures is to use different passwords for different online accounts. Don't use your Facebook password for any other login, particularly for personal/professional email accounts or online banking," said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited.
"It is also a good practice to log out whenever not using Facebook, even on mobile devices," Katkar added.
Top Awami League leader denies India's 'interference' in Bangladesh polls
A top leader from Bangladesh's ruling Awami League on Saturday ruled out allegations of India's interference in the country's election, months after the crucial vote in January this year saw Prime Minister Sheikh Hasina storming back to power.
India opposes introducing a 'special envoy' to combat Islamophobia at UN
Calling India "a proud champion of pluralism," India's Permanent Representative Ruchira Kamboj opposed the establishment of the post of "special envoy" on a special religion at the United Nations today.
Gaza ceasefire on cards as Israel likely to agree to release 1000 Palestinian prisoners
A six-week ceasefire is on the cards in the ongoing war between Hamas and Israel after both sides communicated to the mediators on stepping down from their earlier demands.
G7 industry ministers commit to 'safe and reliable' AI
Industry ministers of the Group of Seven (G7) have said that artificial intelligence (AI) is crucial for achieving sustainable development, but needs to be implemented in a balanced and safe way.
UN chief calls out social media for spread of Islamophobia
Purveyors of hate speech are misusing the most powerful megaphone in history -- social media -- to amplify and spread their despicable ideologies. Online platforms have become breeding grounds for extremist ideologies and harassment, he told a high-level event to mark the International Day to Combat Islamophobia on Friday.
Rishi Sunak rules out UK general election on May 2
Sunak made the statement when talking to ITV News on Thursday. Previously, he said an election would be held in the second half of this year but didn't rule out an election in May, Xinhua news agency reported.
AI will be smarter than any single human by next year: Musk
Elon Musk who is currently locked in a battle with ChatGPT maker OpenAI said on Wednesday that artificial intelligence (AI) will probably be smarter than any single human by next year.
Biden clinches Democratic nomination, Trump likely to win GOP nod
US President Joe Biden clinched the number of delegates needed to win the Democratic Party's nomination in primaries held on Tuesday. His predecessor Donald Trump will have won the Republican nomination by the end of the day.