If there’s one thing we can count on with Facebook, it’s that we will always be let down by the company. From the Cambridge Analytica fiasco, to the more recent revelation that 50 million accounts were hacked, there always seems to be something putting our personal information at risk.
Well, the social media giant is at it again. We’ve learned that Facebook has been storing hundreds of millions of users’ passwords in plain text.
The company wants you to believe this isn’t a big deal. But it is!
Facebook’s latest epic fail
Krebs on Security first discovered that Facebook had been storing hundreds of millions of users’ passwords internally in plain text. And it’s been going on for years, dating back to at least 2012.
That means the passwords were exposed to anyone with access to internal files. Passwords are normally protected with encryption, but for some unknown reason Facebook failed to provide users with the necessary security.
Facebook claims this isn’t a big deal, and published a blog post trying to convince everyone. The blog post is titled “Keeping Passwords Secure.”
Here’s part of what the company had to say: “To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
Are you convinced yet? I’m not!
The number of impacted users is staggering. It could be anywhere from 200 million to 600 million people. All those users’ passwords were searchable by Facebook’s 20,000-plus employees.
Facebook said it discovered in January, as part of a routine security review, that some passwords were being stored in a readable format. So why are we just hearing about it now?
The company also said the issue has since been fixed and that it will be notifying everyone whose passwords were found to be stored this way. Thanks!
How to secure your Facebook account
Even though Facebook claims the plain text passwords weren’t seen by anyone outside the company, why would we believe anything they say at this point? We’ve been burned too many times by this dysfunctional company.
That’s why we recommend taking security into your own hands.
Start by changing your Facebook password.
To reset your Facebook password, go to Settings >> Security and Login then tap or click on Change Password. (Note: Make sure it’s a unique password so crooks can’t use it for password reuse attacks.)
Turn on two-factor authentication
Here’s another layer of security you can employ on your Facebook account — turn on two-factor authentication (2FA).
Here’s how you do this: Go to Settings >> Security and Login >> scroll down to Use Two-Factor Authentication. Click Edit >> select the method you want to use. You can pick “Text Message” or “Authentication App.”
One thing to note: Facebook recently admitted that phone numbers provided for two-factor authentication were used for targeted ads. This is troubling because it is yet another indication that Facebook is repurposing its users’ information, phone numbers provided for security no less, for monetary purposes.
Because of this, I recommend using “Authentication App” instead of linking your phone number as your Facebook 2FA gadget. Instead of a text message, you can use an app like Google Authenticator to generate your 2FA login codes.
After the latest Facebook fail, if you are feeling apprehensive about the site, you can either take a break by deactivating your account or part with it for good by deleting it completely.
If you don’t want to leave but want to take a break, tap or click here for steps to deactivate Facebook.
Had enough of all the Facebook data security lapses? Here’s how to delete your Facebook account for good.