Hundreds of millions of Facebook, Instagram passwords exposed; users advised to change access codes ASAP

Dubai: If you don’t want your Facebook or Instagram accounts hacked, or have any of your important selfies, pictures and other personal information stolen and misused, it is highly recommended that you change your passwords as soon as possible.

The social media giant has just confirmed that user access codes for hundreds of millions of Facebook and Instagram profiles were being stored unencrypted or in plain text, meaning they can be seen by thousands of Facebook employees.

This was announced in a new blogpost, following an earlier report published by KrebsOnSecurity which revealed that approximately 200 million to 600 million social media users may have had their passwords exposed to more than 20,000 staff members of Facebook.

The passwords are for accounts dating back to 2012, and stored within Facebook’s internal data storage systems.

The company confirmed the information “caught” its attention because its login systems are supposed to mask user passwords, not meant to be visible to its employees.

Facebook said it will be sending out notifications to affected users as a precaution, although it assured that it has already fixed the issues, adding that the readable passwords have not been leaked outside the company and that its workers have not abused access to this information.

“These passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”

“We will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users,” the company said.

How Facebook normally protects users’ passwords:

When a user opens an account, the password created is usually masked so that no one in the company can read or access it.

In technical terms, Facebook’s systems “hash” and “salt” the user codes and use a function called “scrypt” and a cryptographic key that let Facebook irreversibly replace the actual password with a set of characters that are randomly generated.

Although Facebook has assured that it hasn’t found any evidence of password abuse, it has shared the following tips to keep accounts safe from hackers:

1. Change password in Facebook and Instagram “Settings.” Don’t use the password you created for other platforms or websites.

2. Ensure that the password is strong and complex.

3. You may opt to enable a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, Facebook will ask for a security code or tap your security key to verify that it is you.