Worried FB users advised to reset password

An Australian security expert says a password reset is an obvious answer for those worried about Facebook's latest privacy issue.

People worried about the latest Facebook security issue should reset their passwords, an Australian security researcher has advised.

Facebook on Friday announced that thousands of its employees had been able to see hundreds of millions of user passwords for years.

But, the social media giant said, there's no evidence staff abused their access to the data.

Storing passwords in readable plain text violates fundamental computer-security practices.

"Passwords stored in plain text have no protection should they ever be inadvertently exposed, for example in a data breach," Gold Coast-based security researcher Troy Hunt told AAP on Friday.

"In practical terms, it's unlikely a big issue for Facebook unless it was combined with an incident such as a data breach (that) exposed the passwords to an unauthorised party.

"It sounds like there's no evidence of that having happened."

Facebook promised - in a blog post called "Keeping Passwords Secure" - it would notify all affected users including tens of thousands on Instagram.

Users of Facebook Lite, an app aimed at users in developing countries, were the main victims of the issue.

The company says the plain text passwords were stored on internal company servers where no outsiders could access them.

Mr Hunt, who runs the haveibeenpwned.com data breach website, said resetting a password was the obvious answer for worried users.

"Having said that, if they're using unique passwords and especially if they have 2-step verification turned on then it's a bit of a non-event," he said.

Password managers, such as Dashlane, have suggested all users change their Facebook passwords.

Facebook would certainly be storing user passwords with a strong cryptographic hashing function, which makes passwords almost impossible to view in their original form, Mr Hunt said.

The plain text issue was likely the result of logging too much information for debug and troubleshooting purposes, he said.

Twitter and software development platform GitHub faced similar problems in 2018.

Facebook chief executive Mark Zuckerberg last week touted a new "privacy-focused vision" for the social network that would emphasise private communication over public sharing.

The company wants to encourage small groups of people to carry on encrypted conversations that neither Facebook nor any other outsider can read.


Published 22 March 2019 12:40pm
Source: AAP

