A Facebook flaw made the passwords of hundreds of millions of users visible to employees. Facebook disclosed the password exposure after the security blog KrebsOnSecurity learned about it from an internal source. Krebs said the issue dated back to 2012 in some cases, but it has now been fixed.

The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds. Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse.

Facebook secret insider

During a security review in January, Facebook found that the passwords were stored in a readable format, against its security procedures, but that they were never visible to anyone outside of the company. Most of the accounts affected were using Facebook Lite, a version of the app designed for emerging markets. The company said it hasn't found evidence this access was abused.

The revelation is just the latest smudge on the company's already spotty data-security record. Facebook is still grappling with the fallout of several major security issues from last year, including the most prominent scandal revealed in March 2018 involving information on tens of millions of users shared with political consultancy Cambridge Analytica. That disclosure resulted in various government probes around the world. In the fall, millions of users also had personal information accessed via a breach.

What you have to do next

Perhaps the best solution in this case is the obvious one: stop using Facebook services (including Instagram, WhatsApp, etc.) after deleting all your information from them. Unfortunately, this radical solution is not suitable for everyone. Many people are very addicted to social networks and cannot end their online life so easily, and some people have a business that needs SMM advertising.

Our advice if you can't break off your relationship with Facebook and its family of services:

  • Do not store or send any sensitive data using Facebook. It was never private or sufficiently protected, and as we can see in 2019, its services are not safe enough even by 2005 standards.

  • Change your password and make it strong enough. If someone has obtained your account data, it is better to change the password before attackers gain access to the account, or before the data is published somewhere on the darknet. Hopefully, Facebook has already fixed the main security issues and your new password will protect your data.

  • If you use the same password on any other service as you do on Facebook, change those passwords too, and keep your Facebook credentials different from those you use for other services.


TL;DR: Conclusion

It is very sad that in 2019 we still cannot feel safe online. Even services as big as Facebook allow themselves such critical errors, or perhaps even negligence.

To avoid leakage of your personal data, use strong passwords, different for different websites, and avoid storing your personal data online.