Millions Of Facebook Usernames And Passwords Stored By Accident - Olmec Skip to main content

Millions Of Facebook Usernames And Passwords Stored By Accident

By April 15, 2019May 19th, 2022Cybersecurity

Are you a Facebook user?  If you are, it may be time to change your password.  KrebsOnSecurity recently reported that it found hundreds of millions of Facebook user account names and passwords stored in plain text and searchable by more than twenty-thousand Facebook employees. At present, there is no official count, but Facebook says the total number of records was between 200,000 and 600,000.

That’s a big number, which makes this a serious incident, but in truth, it represents only a fraction of the company’s massive user base.

Although there’s no indication that any Facebook employee abused their access to the information, the fact remains that it was accessed regularly.  The investigation to this point has revealed that no less than 2,000 engineers and developers made more than nine million internal queries to the file.

Facebook software engineer Scott Renfro, interviewed by KrebsOnSecurity, had this to say about the issue:

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.

In this situation, what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this.  We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

This is just the latest in an ongoing series of security-related issues Facebook has found itself in the midst of.  While the company is wrestling with making changes to prevent such incidents in the future, that’s small comfort to the millions of users that have been adversely impacted over the last year.

According to the official company statement, unless you receive a notification from them, there’s nothing you need to do and no need to change your password. But given the importance of data security, if you’d rather be safe than sorry, it certainly couldn’t hurt.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.