In late September 2024, Facebook’s parent company, Meta, was fined $101 million by the EU for a 2019 security breach. That breach revealed that Meta had shamefully left hundreds of millions of passwords (600 million) unencrypted in plain text! As this password hashing article outlines, hashing passwords is a basic best practice that has been followed for more than twenty (20) years.
The fact that Meta, a multi-billion dollar company, allowed passwords to be stored in plain text is alarming. Storing passwords this way is like leaving the keys to your home on the front porch—anyone who finds them can easily walk right in. Companies are supposed to hash passwords. Hashing transforms each password into a one-way scramble that cannot be reversed back into the original password. Meta made it exceptionally easy for hackers who gained access to their systems to see and use plaintext passwords. It made them prime targets for attacks once word leaked about the poor security practice.
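The difference between plaintext storage and salted one-way hashing, shown as an added example that is not from the original article and not Meta's code. It uses Python's standard `hashlib.scrypt`; the account names, passwords, cost parameters and record format are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<digest hex>', the value stored instead of the password."""
    salt = os.urandom(16)  # unique per account, so equal passwords give different records
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the digest from a login attempt and compare in constant time."""
    scheme, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def readable_in_store(store: dict, originals: dict) -> list:
    """Users whose real password appears verbatim in the stored value."""
    return [user for user, value in store.items() if originals[user] in value]


# Constructed sample accounts; both users picked the same password.
SAMPLE = {"alice": "correct horse battery staple",
          "bob": "correct horse battery staple"}
plaintext_store = dict(SAMPLE)                                   # the practice described above
hashed_store = {u: hash_password(p) for u, p in SAMPLE.items()}  # the expected practice

if __name__ == "__main__":
    print("readable in plaintext store:", readable_in_store(plaintext_store, SAMPLE))
    print("readable in hashed store:   ", readable_in_store(hashed_store, SAMPLE))
    print("login still works:          ", verify_password(SAMPLE["alice"], hashed_store["alice"]))
```

Anyone with read access to the plaintext store sees every password directly, while the hashed store only lets the service check a login attempt against the stored record.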
This incident shows we can’t rely on major corporations to protect our critical personal data. If tech giants like Meta can’t secure our data, how can we protect it ourselves? Let’s go over what you need to know and do to protect your data from any vendor, including Facebook.
Step 1: Start Using a Password Manager—Today
Any person not using a password manager is reusing passwords across multiple sites, guaranteed. The human mind cannot manage passwords well enough for any other outcome. This bad practice puts all your accounts at risk if just one site gets hacked. In Meta’s case, any exposed password can potentially be used to access your other accounts.
A password manager is your first defense, generating and securely storing strong, unique passwords for each account. All you have to do is remember one master password. Password managers offer two additional benefits beyond setting strong passwords. First, they can alert you if a password is involved in a data breach, enabling a quick update. Second, they prevent password entry on phishing sites by not filling in credentials on look-alike websites. These features are especially important given the prevalence of phishing and online attacks today.
Put simply, using a password manager not only saves you time but ensures your accounts are much harder to hack. Each account has its own unique password, reducing the risk if one password is compromised. Now, here’s the ugly truth about passwords. Even long and strong passwords are insufficient to protect your identity and authentication. You have to add Multi-Factor Authentication to your identity protection scheme. That’s what we turn our attention to next.