Facebook stored hundreds of millions of user passwords in plain text for years; Change your Facebook and/or Instagram password now

“Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned,” Brian Krebs reports for KrebsOnSecurity. “Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.”

“Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers,” Krebs reports. “That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.”

“The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees,” Krebs reports. “Facebook has posted a statement about this incident…”

Read more in the full article here.

MacDailyNews Take: In part of their statement, Facebook states:

While no passwords were exposed externally and we didn’t find any evidence of abuse to date, here are some steps you can take to keep your account secure:

• You can change your password in your settings on Facebook and Instagram. Avoid reusing passwords across different services.
• Pick strong and complex passwords for all your accounts. Password manager apps can help.
• Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you.

Our advice? #DeleteFacebook.



  1. Easy fix for Facebook

    People give a real name and email address to Facebook.
    People get to use the screen name of their choice (unoffensive)
    People choose from categories for which they don’t mind advertisements on the sides.
    Facebook as usual, no personal information captured, advertisers pay based on the number of people choosing their category.

    No more trickery and tomfoolery. All it does is make users lie anyway.
