Did hackers get your Facebook password? Here is what cyber-security firm Sophos wants you to do
The latest spoiler alert for Facebook and its users, is that, this social media-giants some 20,000 employees have access to up to 600 million users password.
How would you feel if your Facebook password was known to someone else as well? It is scary and unsafe because this means your personal information on Facebook is at danger. Well hate to break it to you, this is what looks like have happened. The Mark Zuckerberg-led Facebook’s security has already been in question since US elections in 2016. There were regulatory hurdles from various other developed countries as well. The problem with Facebook is data breach, and looks like this issue is not seen to end anytime soon. The latest spoiler alert for Facebook and its users, is that, this social media-giant's some 20,000 employees have access to up to 600 million users password. Scary, but this is what KrebsOnSecurity author Brian Kreb reveals.
According to Kreb, Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.
This Facebook source told Kreb that between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees.
These Facebook passwords held with its employees are dated back to 2012.
In an interview with KrebsOnSecurity, Facebook software engineer Scott Renfro said the company wasn’t ready to talk about specific numbers — such as the number of Facebook employees who could have accessed the data. He also stated that, the company planned to alert affected Facebook users, but that no password resets would be required.
While Facebook are claiming to take care of the matter, however, whether actually your password is safe that definitely raises a series of questions.
In an interaction with Zee Business Online team, Paul Ducklin, senior technologist at British-based security software Sophos highlighted few options that a Facebook user can do in order to secure their password. These are:
Q. Should I change my Facebook password?
Sophos: Why not? It's perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands (and you can bet your boots that the crooks are trawling through any old data they might have right now, to see if there is anything they missed before), then you can expect them to be abused. Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed.
So our advice is: change your password now.
Q. Should I turn on two-factor authentication?
Sophos: Yes, turn on two-factor authentication (2FA) now. We've been urging you to do use two-factor authentication everywhere you can anyway - it means that a password alone isn't enough for crooks to raid your account.
If you are reluctant to give Facebook your phone number, use app-based authentication, where your mobile phone generates a one-time code each time you log in.
Q. Should I close my Facebook account?
Sophos: We can't answer that for you. Given that the wrongly-stored passwords weren't easily accessible in one database, or deliberately stored for routine use during logins, we don't think this breach alone is enough reason to terminate your account. On the other hand, it's a pretty poor look for Facebook, and it might be enough, amongst all the other privacy concerns that have dogged Facebook in recent years, to convince you to take that final step. In short, you have to decide for yourself. (If it helps you decide, we're not closing our accounts.)