Here's why you need to change your Facebook and Instagram password now
Oops, they did it again. If you didn't think that Facebook could go lower than sharing personal information from 87 million users with third party sites, violating a signed FTC consent decree in the process, maybe you're not giving the social media company enough credit. According to KrebsonSecurity, hundreds of millions of Facebook users could have had their passwords discovered by Facebook employees. These passwords were stored by the company in plain text dating back as far as 2012. Facebook engineers noticed the mistake when reviewing new code back in January of this year.
While 2018 was not a great year for Facebook, 2019 has started just as poorly for the company. Earlier this month, the company was accused of using data provided by subscribers for two-factor authentication, like phone numbers, for advertising and marketing purposes. And The New York Times revealed last week that Facebook is the subject of an investigation for deals it made with other tech firms for data.
We don't know if this is going to make you feel better, but an internal investigation by Facebook reveals that there is no sign that employees took advantage of this oversight. Still, if you are a Facebook or Instagram user, or even if you were a Facebook or Instagram user and still have an active account, it might be a good idea to change your password now. Facebook does not feel that such a move is required and company engineer Scott Renfro said, "We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data." Still, the number of accounts that are involved could number somewhere between 200 million and 600 million, and the number of Facebook employees with access to them was approximately 20,000. We'd suggest that you ignore Facebook's recommendation and change your password.
"We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data,” Renfro said. “In this situation what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse."-Scott Renfro, engineer, Facebook
A statement made by Facebook says that it plans on notifying "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users." But when it comes to Facebook and its associated apps and sites, your best bet is to get out in front of whatever privacy issue the next shoe to drop will expose.
Things that are NOT allowed: