Yet Another Security Slip Up: Facebook Stored Over 600M Passwords As Plain Text


Social media giant Facebook recently announced that it fixed a security issue that gave employees access to the passwords of millions of users in readable plain text. Supposedly, Facebook keeps passwords in an unreadable format that prevents people with malicious intent from gaining access to user accounts. This technique uses a cryptographic key and a function called scrypt, which converts a person’s password into a seemingly random string of characters, and it permits the social media giant to store and authenticate passwords without keeping them in a readable format.
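As an added illustration (not Facebook's code and not part of the original article), the Python example below shows one way a server-side key and scrypt can be combined so that only a salted hash is ever stored. The HMAC keying step, the scrypt cost parameters, the record layout and all names are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumption: a server-side secret kept outside the password database.
# Constructed value for the demo, not a real key.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"

# Assumption: illustrative scrypt cost parameters (about 16 MiB per hash).
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def _derive(password: str, salt: bytes, key: bytes) -> bytes:
    # Mix the server key in with HMAC first, then run the memory-hard
    # scrypt function over the keyed value with a per-user salt.
    keyed = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.scrypt(keyed, salt=salt, **SCRYPT_PARAMS)


def make_record(password: str, key: bytes = SERVER_KEY) -> dict:
    # What goes into storage: a random salt and the derived hash.
    # The plaintext password is never part of the record.
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt, key).hex()}


def verify(password: str, record: dict, key: bytes = SERVER_KEY) -> bool:
    # Recompute the hash from the login attempt and compare in constant
    # time; authentication needs no readable copy of the password.
    candidate = _derive(password, bytes.fromhex(record["salt"]), key)
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")
    print(rec)                                            # salt and hash only
    print(verify("correct horse battery staple", rec))    # matching password
    print(verify("guess123", rec))                        # wrong password
```

Any copy of the password written elsewhere in readable form, as in the incident described here, bypasses this protection entirely, because the hash only protects what is stored through this path.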

However, this security oversight allowed Facebook employees to search and obtain passwords easily, and according to the social media giant, this security issue impacts hundreds of millions of users. Most of the people affected by this issue use Facebook Lite, the app designed by the social media giant for countries with poor connectivity. However, this problem also impacts tens of millions of other Facebook users as well as tens of thousands of people who have accounts on Instagram.

Facebook claims that it has not found any evidence that its employees abused the security issue, although the company will still notify users affected by this problem, and they will likely be advised to change their passwords as a precaution. The social networking site also recommends that users choose complex passwords and avoid using the same passwords across different websites or services. To further reduce the possibility of hackers intruding into their accounts, users may also activate two-factor authentication and use physical security keys that plug into the USB port of their computers.


Facebook also instituted steps to prevent unauthorized access to users’ accounts on its platform. For example, the social media platform will ask the user additional questions if the account is logged in to from an unrecognized device, and it may also inform the user of suspicious login attempts. Furthermore, since the company recognizes that many of its users reuse passwords, the social media giant is also monitoring data breaches at other organizations.

Background: Facebook has grappled with security issues over the past few months. Earlier this month, the social media giant announced that it patched a software bug in Facebook Messenger that could have allowed hackers to gain access to users’ private conversations, although this problem only affected the browser version of the messaging service. Another recent security issue that Facebook faced is a data breach that affected as many as 29 million users last October. The social media giant attributed this incident to spammers who aimed to show malicious advertisements to affected users. The attackers gained access to a wide range of information, including names, contact details, gender, area of residence, and religious affiliation.

Impact: As the social media giant restructures itself into a more privacy-focused service, the recent security issues call into question Facebook’s ability to secure the personal information it currently holds. Even with the assurance that there was no indication that employees took advantage of the security issue, this incident will still alarm many Facebook users. Nonetheless, users are advised to follow the recommendations of the social media giant in protecting their accounts to reduce the risk of unauthorized access.