    Once again, Facebook is facing a privacy crisis. According to Krebs on Security, Facebook stored hundreds of millions of user passwords in plain text. Did you just read “plain text”? Hell yeah! They were in plain text. The worst part is that these passwords were exposed for a year to users who have internal access to the files. Let us first explain how passwords are stored.

    How are passwords stored?

    Plain text password

    Storing passwords as plain text is the simplest way. Your password is stored in a database on a server. For example, if your password is “abcd123”, it is stored as “abcd123” in the database. This is how Facebook stores passwords. In terms of security, obviously, a hacker can simply use a dictionary attack to get your password.

    Password encryption

    The other method of storing passwords is password encryption. Most websites encrypt your password before it is stored on their servers. Encryption uses a special key to turn the password into a random-looking string. Most of the time, the encryption key is stored on the same server as the encrypted password. If a hacker breaks into that server, they can decrypt your password.

    Password hashing

    The best method for now is password hashing. There are many hashing methods, such as MD5 and SHA-256. Hashing makes the password harder to retrieve, which means it takes longer to recover the password. Companies such as Google and Facebook use the same method.
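
    An added example, not part of the original article, comparing what a stored record reveals to someone with read access under plain text, unsalted SHA-256, and a salted, slow hash. The per-user salt and PBKDF2 go beyond the methods the article names; the user names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who share the password from the article.
USERS = {"alice": "abcd123", "bob": "abcd123"}
PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware


def store_plain(password: str) -> str:
    """Plain text: the stored value is the password itself."""
    return password


def store_fast_hash(password: str) -> str:
    """Unsalted SHA-256, one of the hash functions the article names."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted_kdf(password: str) -> str:
    """Random per-user salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_salted_kdf(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    iterations, salt_hex, dk_hex = record.split("$")
    salt = bytes.fromhex(salt_hex)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def audit(store) -> dict:
    """What someone with read access to the stored records can tell."""
    records = {user: store(pw) for user, pw in USERS.items()}
    values = list(records.values())
    return {
        "password_readable": any(v == USERS[u] for u, v in records.items()),
        "shared_password_visible": len(set(values)) < len(values),
    }


if __name__ == "__main__":
    for store in (store_plain, store_fast_hash, store_salted_kdf):
        print(store.__name__, audit(store))
```

    With the unsalted hash, identical passwords still produce identical records, so a digest computed once for a common password matches every account that uses it; the salt removes that link and the iteration count makes each guess expensive.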

    Back to our topic…

    Now that you know how a password is stored, let’s get back to our topic. More than 500 million Facebook user accounts have been compromised. According to Facebook, there isn’t any evidence that users’ plain text passwords were exposed outside of Facebook. It is also said that hundreds of millions of Facebook Lite users are affected. Moreover, tens of millions of Facebook users’ passwords are compromised too. At the same time, tens of thousands of Instagram users’ passwords have been affected too.

    A few hours ago, Facebook admitted the issue and said it will take action to rectify its mistake. Facebook has posted an update regarding the issue on its website. In conclusion, we advise all our readers to change their Facebook passwords as soon as possible.

    Raaj Lokanathan
    A software engineer as a profession. A tech blogger as a passion.


