After a report revealed that around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees, cyber security experts are urging users to change their passwords and turn on two-factor authentication (2FA).
So far the inquiry has uncovered archives with plain text user passwords dating back to 2012, according to the report published this week by KrebsOnSecurity, a blog run by journalist Brian Krebs.
Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way.
"Hashed passwords still need to be cracked before they can be used; plain text passwords are the real deal without any further hacking or cracking needed," Ducklin added.
Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords.
"This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on two-factor authentication (2FA)," Shier said.
Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added.
Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons -- like two-factor authentication (2FA) -- for things like advertising and making users searchable by their phone numbers across its different platforms.
"Another security measure users can implement to strengthen their digital security postures is to use different passwords for different online accounts. Don't use your Facebook password for any other login, particularly for personal/professional email accounts or online banking," said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited.