#facebook password plain text

Facebook has admitted that they have discovered that hundreds of millions of user passwords were stored in a readable format or in plaintext within their internal data storage systems. In a statement, Pedro Canahuati, Facebook VP Engineering, Security and Privacy, said that their login systems should have masked the passwords, and have discovered the issue during their routine security review in January. He said that the passwords were never visible to anyone outside of Facebook and have found no evidence to date that anyone internally abused or improperly accessed those passwords. A senior Facebook employee who spoke on condition of anonymity told KrebsOnSecurity that initial investigation estimates that between 200 million and 600 million Facebook users might have had their passwords stored in plaintext and was searchable by more than 20,000 Facebook employees. Some of the discovered archives of plaintext passwords even date back to 2012. Although Facebook says that no passwords were exposed externally and that they didn't find any evidence of abuse to date, the company still recommends changing your passwords on Facebook and Instagram as well as enabling a security key or two-factor authentication (2FA) to keep it secure. Paul Ducklin, a senior technologist at cybersecurity provider Sophos, also recommends changing your Facebook password and enabling 2FA. Read more in our articles including "Facebook admits storing millions of passwords in plaintext" and "Facebook page FTTM receives cyber libel complaint from Caloocan City government".