It’s time to change your Facebook and Instagram passwords again.
Facebook revealed today that it unknowingly stored hundreds of millions of passwords in a readable format on its internal storage systems. There’s no information yet that the passwords were accessed by any nefarious people, but you should probably update yours, just in case.
In a message posted on its site, Facebook says it noticed the issue in January. The security issue has since been fixed and the company will soon notify everyone whose passwords were exposed.
The social network is adamant that nothing bad happened and that no one accessed the password. But, it also doesn’t have any evidence that nothing happened either. It’s like if you left your home unlocked on vacation and assume no one entered the house just because you didn’t see it.
“These passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” Facebook said in a statement.
Krebs on Security revealed that some users’ passwords have been stored in plain text since 2012. Over 20,000 Facebook employees had access to the passwords, but the investigation hasn’t found any evidence that the data was abused.
Facebook Lite users in regions with lower connectivity were impacted the most by the security lapse. Only “tens of thousands” of Instagram users were exposed. Users who were affected by the issue will be notified to change their password over the next few days.