Facebook (FB) is in hot water again. After a year of controversies in 2018, it looked as though the company was ready to turn over a new leaf in 2019. But that was before Brian Krebs of Krebs on Security reported that the social network was storing hundreds of millions of users’ passwords on company servers in plain text.
That might not sound too bad — until you realize that storing passwords in plain text means that they were completely readable. Facebook usually hashes and salts passwords, which prevents passwords from being read. What’s more, those passwords were on a server, Krebs reports, that was accessed millions of times by roughly 2,000 engineers and developers.
Why is that such a big deal? Because if one of those engineers or developers were so inclined, they could have used that information to access user accounts.
But it doesn’t look like Facebook will suffer much backlash through either its user numbers or stock price.
Following the first reports of the news, Facebook’s stock was trading marginally higher at $166 per share as of 2:30 p.m. on Thursday.
Facebook, for its part, says that there is no evidence any employees abused their access to the password data. What’s more, the fact that these passwords were being stored in a readable format was uncovered by Facebook itself during a security review. But the problem was uncovered back in January, and we’re only hearing about it know.
All of this, of course, comes less than a month after CEO Mark Zuckerberg revealed, in a lengthy Facebook post, that the social network was doubling down on privacy and ensuring users’ data remains safe.
In a post explaining this latest issue, Facebook’s VP of engineering, security and privacy Pedro Canahuati said that the company will be notifying “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users” to let them know that their passwords were part of the batch stored as plain text.
Facebook Lite is a version of Facebook for users who have slow internet connections in developing countries.
If you’re a Facebook user, and let’s face it, you likely are, your best bet is to change your Facebook password immediately. That goes for Instagram users, as well. And while WhatsApp passwords weren’t mentioned as part of the latest privacy debacle, it’s probably best to change your password there too.
Facebook’s problems aren’t adding up
All of this follows news in 2018 that a Facebook bug exposed millions of users’ private photos to app developers. That story was preceded by Facebook’s “view as” bug, which allowed hackers to exploit access tokens used to keep users logged into Facebook. Those tokens could then be used to gain access to users’ accounts.
And those problems came after we learned about the Cambridge Analytica scandal during which a political consulting firm exploited Facebook user data to aid in the election of Donald Trump.
Facebook, and other social media sites, have also been under intense scrutiny with regards to fake news and disinformation. Facebook in particular has had to answer for Russian interference in the U.S. presidential election and the spread of misinformation in Myanmar and India via WhatsApp, which led to real-world violence and killings.
More recently, Facebook was criticized for its slow response in removing a video of the terrorist attack in Christchurch, New Zealand, during which attackers shot and killed 50 people attending weekly prayers at two mosques.
Facebook said that it took down the video as soon as the company was alerted about it by New Zealand police. Because the video was left online for so long, it was copied over and over by individuals and will never be contained and kept offline.
Despite the endless negative headlines over the past year, Facebook’s user numbers haven’t suffered. During its last quarterly earnings report, the company said it saw daily active users grow in every geographic location it serves. Its monthly active users also either grew or remained stable for the quarter.
So is this latest Facebook scandal likely to impact the company? I think you already know the answer.
More from Dan: