On 21st March, Facebook disclosed in a post that millions of passwords were not encrypted on their server. This means that workers in the company can easily see the passwords of users, since the passwords are saved as plain text on their server. The company further announced that on their sister social media platform, Instagram, tens of thousands of login passwords were unencrypted. You can guess! The company came under heavy fire from many people all around the world for such laxity and carelessness.
While you may think that was the height of it, Facebook gave another shocker. Around 7 pm ET on April 18, 2019, Attorney General William Barr concluded his news conference on the release of the Robert Mueller report.
Just a few minutes later, Facebook updated the earlier post. It said:
“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed”.
It is no longer tens of thousands but millions. Just unbelievable! The post nevertheless reassured users that their passwords are safe. It further stated that there had not been any evidence of unofficial access by workers. But mind you, the timing of this release cements skeptics’ distrust of the company’s intentions with sensitive details.
Facebook is reputed to manage over 2 billion users, while Instagram, on the other hand, has about a billion users. These platforms attract millions of people on a daily basis, so much so that a handful of people make ends meet through them. Considering this mammoth number, you would think that the company would have very tight security, especially for login passwords. Unfortunately, the recent revelations have been disappointing.
Brian Krebs is a cybersecurity researcher and journalist. He has come out to express his displeasure with Facebook’s security systems. He revealed that Facebook had used the same method of storing passwords since 2012. With the constant technological advancement that the world is experiencing, he expected Facebook to have further tightened their way of saving passwords. He candidly advised users to take password management as their personal responsibility, since Facebook has failed in this aspect. He put forward the idea of changing passwords on a regular basis or using two-factor authentication.
Facebook reemphasized that there is no cause for panic as they are on top of the situation. The company says that nothing is more valuable than its users’ privacy. This was made known in a statement by the Vice President of Engineering, Security, and Privacy, Pedro Canahuati. He said that they are now looking for better ways of storing sensitive information such as access tokens. He further stated that they are committed to constantly improving their systems and to fixing any security lapses as soon as they are discovered.