Facebook is wiping the egg from its face once again.
This time around it’s related to a discovery that Facebook has been storing between 200 million and 600 million passwords in plain-text.
While it doesn’t appear as if these passwords left Facebook’s eco-system, it’s estimated that some 2 000 Facebook employees combed through the passwords and that alone is cause for concern.
That having been said, Facebook says it has no reason to believe users are at risk.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” Facebook said in a blog post.
So with that in mind, should you change your password?
In short, yes. Facebook has said that the issue that exposed passwords in plain-text has been fixed and we highly recommend using this incident to change your Facebook password. For those who are still recycling passwords use this as a chance to update and create unique passwords for all of your online activities.
As for two-factor authentication, if you haven’t turned it on, now might be a good time to do so according to senior technologist at Sophos, Paul Ducklin.
“Yes, turn on two-factor authentication (2FA) now. We’ve been urging you to use two-factor authentication everywhere you can anyway – it means that a password alone isn’t enough for crooks to raid your account. If you are reluctant to give Facebook your phone number, use app-based authentication, where your mobile phone generates a one-time code each time you log in,” Ducklin advises.
Of course, many users might be tempted to delete their Facebook account outright given that various faux-pas committed by the social network. Facebook doesn’t make that process simple but you can click this link to be taken straight to the Delete Account page on Facebook, provided you are logged into your Facebook account.