The Malaysian Communications and Multimedia Commission (MCMC) has advised Facebook and Instagram users in Malaysia to change their passwords if they receive alerts that their passwords are in a format readable by Facebook’s internal staff.
In a statement released by the MCMC, the commission said that routine security checks conducted by Facebook in January found that passwords of some Facebook and Instagram users have been stored in a format that its internal staff could read (text format common), even though the system used is designed to encrypt passwords.
MCMC has advised that any password conversion process should be made directly on Facebook or Instagram’s official app or site to avoid other parties trying to take advantage of the issue by deceiving people through fraud, impersonation and “phishing” methods. MCMC will also monitor further developments on this issue, as well as be in close contact with Facebook for any further issues arising.
According to Facebook, the passwords are not accessible to any external parties, and there is no evidence to date which indicates that they were abused by Facebook staff. The commission also said that Facebook has informed that the “problem was corrected” and users involved would be notified.
Last week, in a statement on its blog, Pedro Canahuati, VP engineering, security and privacy at Facebook said , as part of a routine security review in January, the social media giant found that some user passwords were being stored in a readable format within its internal data storage systems. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” Canahuati said.
He added that Facebook has since fixed these issues and as a precaution, it will be notifying everyone whose passwords we have found were stored in this way.
To be clear, these passwords were never visible to anyone outside of Facebook and the social media giant has also found no evidence to date that anyone internally abused or improperly accessed them.
“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity,” he added.
(Photo courtesy: 123RF)