Facebook exposed passwords in plain text
| Hundreds of millions of Facebook users affected.

Facebook has been jeopardising the security of hundreds of millions of its users’ accounts by storing their passwords in a plain text.

Passwords should always be encrypted in an unreadable format, but the social media giant admitted last week that hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users may have been affected by the error.

Facebook has been treading water in a sea of problems, including its handling of live streams following the Christchurch mosque attack and its response to the removal of videos. removed a livestreamed video that reportedly showed the terror attacks that took place Friday afternoon in Christchurch, New Zealand. Other platforms were reportedly more tardy, bringing the spotlight back onto social media firms’ capacity to quickly remove extremist content from their platforms.

The social network has conducted an internal investigation, which showed no evidence that anyone outside the company had gained access to the passwords, and that it had fixed the issue since discovering it in January, the firm wrote in a blog post. However, the incident still comes as a further blow to Facebook’s reputation.

Facebook’s vice-president for engineering, security and privacy, Pedro Canahuati, said:

As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. …We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.

iNews reported that the announcement is the latest in a string of headaches for Facebook chief executive Mark Zuckerberg in recent years, including rampant misinformation spread on the network, breaches of user data and allegations of political manipulation.

Last October, Facebook admitted that up to 50 million users were affected by a security breach, in which email addresses, phone numbers and other personal information was compromised.

The company is urging users to change their password and also consider enabling additional security features such as two-factor authentication (2FA), which sends an alert to the user’s smartphone, asking them to enter a code once it detects an attempt to login from an unidentified device.

Sources: Fortune, iNews