Social media juggernaut Facebook is again in hot water after it was revealed that the company stored passwords to users' accounts in plain text. That means that for years, as far back as 2012, Facebook didn't follow the industry standard of encrypting and hashing usernames and passwords.
While there's no evidence that the plaintext passwords were ever leaked, chances are that they were easily accessible to more than 20,000 Facebook employees who worked within the company. An unnamed source within Facebook said that around 200 to 600 million(!) passwords were stored this way, which is appalling considering the amount of personal information we store on Facebook.
Facebook stresses that while employees technically had access to these passwords, they haven’t found any evidence that anyone maliciously accessed and copied them, internal or otherwise. That’s a little comforting, but the fact is that a company as big as Facebook that literally has millions and millions of users shouldn’t have made a mistake that even a tiny startup wouldn’t.
Moving forward, Facebook says that they've now fixed the issue, but what does that mean for you? Well, at the very least you need to change your password on the off chance that you're one of the people affected by this very stupid and ridiculous security gaffe. Barring that, you need to turn on two-factor authentication RIGHT NOW.