If you’ve ever used Facebook, Facebook Lite, or Instagram since 2012, you need to change your password straight away.
Back in January, Facebook realised that some of its user passwords had been stored in plain text, meaning that anyone with access to them could read the stored passwords.
This is a major error for a company like Facebook, as passwords are usually encrypted and hashed so that, in the event of a data breach, they wouldn’t be readable by hackers.
According to a Facebook blog post, this was discovered during a routine security review.
However, famed security journalist Brian Krebs reported yesterday that these passwords have been accessible to thousands of Facebook employees, and that in some cases this kind of data has been available and readable since 2012.
A source told Krebs that the investigation so far indicates “between 200 million and 600 million” Facebook users may have had their password stored in this way.
Facebook says there is no evidence to suggest anyone improperly used this information. Yet given that many people use their Facebook accounts to log in to other platforms, such as Tinder or Airbnb, it is worrying, to say the least.
Change your password
In general, you should make sure to change your passwords fairly regularly, particularly after a data breach.
Make sure it is a strong password: not your date of birth or your partner’s name for a start. Also, don’t use common phrases like “123456” or “password” unless you’re asking to be hacked.
One way to ensure a password is fairly strong is to mix character types: numbers, lowercase and uppercase letters, and symbols.
You can then double-check how strong the password is using tools such as howsecureismypassword.net.
If you find it difficult to remember all those different password combinations, use a password manager such as LastPass or KeePass.
Finally, use two-factor authentication where you can. You can set this up on your Facebook account at facebook.com/settings. Click the “Security and Login” tab and select “Set Up Two-Factor authentication” at the top.
You can choose whether to confirm your account via a text message to your mobile number or via an authentication app such as Google Authenticator.
Facebook says it has fixed the security issue, but it’s worth doing this for good measure anyway. Staying safe online takes a bit of effort but it goes a very long way.