Facebook is facing the next privacy scandal. This time it concerns the company’s password security. Tens of millions of passwords are said to have been stored unencrypted on the company’s servers for years.
Normally passwords are not stored in plain text, but in encrypted form, more precisely as a hash. For this purpose, software generates a checksum for each password, which does not allow any conclusions to be drawn about the actual password, but which still allows an entered password to be checked. This protects users from unauthorised access to their accounts. At Facebook, this is said not to have been the case for years.
The data breach was discovered during a routine check in January. According to the US company, the passwords were not publicly accessible. However, employees of the company were able to see them, which is already enormously problematic in terms of data protection. Facebook itself did not specify how long passwords had been stored unencrypted. IT security expert Brian Krebs, who first reported on the incident, says that the oldest records date back to 2012.
According to Brian Krebs, up to 600 million users are affected – a quarter of all Facebook users. Although the encryption should have been restored by now, it is strongly recommended that you change your own password for the social network. Facebook itself wants to notify all affected users by e-mail. However, it is still unclear when this will happen.
Another problem is that the Facebook password often serves as a door opener to other apps through app links. If the password has been obtained by someone else, they may also gain access to other online services. In addition to the company's own services, such as Instagram alongside Facebook itself, data thieves could also access many other apps. It is not clear whether data were actually stolen. In practice, it will be almost impossible to find out, since theoretically several Facebook employees could have accessed the passwords.
Since the risk that your password may have fallen into the wrong hands is comparatively high, every Facebook user is advised to change their password. The passwords of other applications operated by the Facebook group should also be changed urgently.