Up to 600 Million Facebook & Instagram Passwords Exposed Internally; Users Advised to Change Password

I don’t know about you, but if I were a principal of a school now, the first thing I’d do is to ensure that every student learns the basics of cyber-security.

Logging out and clearing the cache after every session, using complex passwords, not reusing the same password for all your login credentials and changing your password as often as possible—these are the basics of cyber-security, and you’d be shocked to know that many of us don’t have these habits.

If so, this latest news should trigger the alarm in you.

Facebook Stored Up to 600 Million Account Passwords in Plain Text

I can almost see the question marks in your mind:

The cat’s right, but not entirely right.

You see, user passwords (for almost all platforms, unless you’re talking about some shady platforms lah) stored by the database are usually “encrypted” as well.

Known as “hashing”, this means that even people working in the company that manages these databases can’t see what the passwords are.

It’s pretty hard to describe “hashing” in plain English, so you just need to know this: your password is stored in a scrambled, one-way form that can’t be turned back into the original, so only you know it.

And if you’ve forgotten it?

The only way is to reset it.

Which is why you never see platforms emailing you your password when you’ve forgotten it: they’ll reset it instead.

Suffice it to say, no one’s supposed to see that you’ve set your Gmail password as “passwordz”. It’s the very basics of cyber-security.

Unfortunately, our dear Facebook, which has been in hot soup recently with its privacy scandals, is facing yet another problem: they didn’t “hash” the passwords.

So people working there can see your Facebook passwords…in plain text.

Going back to the example, if your password is “passwordz”, someone who works in Facebook would know that.

Which is not normal.
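To make the hashing point concrete, here is an added example (not code from the article or from Facebook): a password is stored as a salted one-way hash, a login is checked against it without the site ever being able to recover the password, and a simple scan flags a log line where the raw password leaked, the kind of internal log the report below describes. The field names, redaction marker and work factor are assumptions for the demo.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000  # PBKDF2 work factor; illustrative, not any real site's setting


def hash_password(password, salt=None):
    """Return (salt, digest). The digest is one-way: it cannot be turned back
    into the password, which is why a site can only reset it, never email it."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Re-hash the login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


# Two ways a login handler might write its log line. The first is the mistake
# the article describes: the raw password lands in internal logs.
def log_login_plaintext(user, password):
    return f"POST /login user={user} password={password}"


def log_login_redacted(user, password):
    return f"POST /login user={user} password=[REDACTED]"


# Defender-side check: flag log lines where a password-like field carries a
# value other than the redaction marker. Field names and marker are assumed.
PASSWORD_FIELD = re.compile(r"\b(pass(word|wd)?|pwd)=(?!\[REDACTED\])\S+", re.I)


def find_plaintext_password_lines(log_lines):
    """Return indexes of constructed log lines that contain a raw password."""
    return [i for i, line in enumerate(log_lines) if PASSWORD_FIELD.search(line)]


if __name__ == "__main__":
    salt, digest = hash_password("passwordz")
    print(verify_password("passwordz", salt, digest))   # True
    print(verify_password("password1", salt, digest))   # False
    logs = [log_login_plaintext("alice", "passwordz"),   # constructed sample log
            log_login_redacted("bob", "hunter2")]
    print(find_plaintext_password_lines(logs))          # [0]
```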

First Reported by Computer Security and Cybercrime Blog

The issue was first broken by KrebsonSecurity on 21 March 2019. According to the cyber-security expert, the data is “searchable by more than 20,000 Facebook employees”, and logs have indicated that “some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.”

What this means is that there are people who work in Facebook who might know your password.

According to the report, this could date back to 2012.

Facebook Responds

Immediately after KrebsonSecurity broke the story, Facebook published a blog post, without referencing KrebsonSecurity, indicating that they had apparently found this issue back in January this year during a routine security review, and that they have since fixed it.

They also added that they haven’t found any evidence of anyone internally abusing or improperly accessing the passwords, but they would still notify users about the issue. This includes “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”

They then wrote about how they secure passwords, educate us how to secure our passwords and whatnot.

Well, Facebook being Facebook, we’re sure it’s yet another honest mistake without any cover-up, and it’s just yet another coincidence that they published their statement right after KrebsonSecurity’s post. Just like all their previous ordeals, no?

In Facebook, we trust?

What You Must Do

If you think it’s not an issue, you’d really need to attend some courses on cyber-security.

While it’s mentioned that the data wasn’t “abused” or “improperly accessed”, it’s still a fact that passwords were exposed, and bad actors would pay for this data.

Reason being? If you use “passwordz” for your Facebook account, you might use it for your Gmail account, your Grab account or maybe all your accounts that require passwords.

With software, these bad actors can try to log in to your other accounts (the software can try millions of accounts in a second), and once in, you might just find all your accounts locked out…and for accounts that saved your payment details, you might just see a shocking statement from your bank.

Now, if you think it won’t happen to you, think again: simply ask around and you’d have at least one friend whose account was “hacked”, and I bet my boss’s car it’s due to this mindset of “alamak it won’t happen to me one lah I’m a nobody.”

So do yourself a favour: even if you’re not impacted by this latest security “breach”, change your password now if you haven’t done so for months.

It’s just like locking your door: if you can lock your house door every day, can’t you change your password every few months?