PETALING JAYA: The Malaysian Communications and Multimedia Commission (MCMC) has urged the public to change their Facebook and Instagram passwords, if they have received notifications to do so.
The Commission came out with a statement on Sunday (March 24) after Facebook acknowledged on Thursday (March 21) that it left hundreds of millions of user passwords readable by its employees for years.
“Any process to change the passwords should be done on their web pages or applications. This is important, as there is a possibility of parties that will try to take advantage of this situation to con people through deception, disguise and phishing,” they said.
MCMC said they would continue to monitor the situation, as well as communicate with the social media platform on any issues that could arise.
The blunder was uncovered during a routine security review early this year, according to Facebook, and comes after a series of controversies centred on whether Facebook properly safeguards the privacy and data of its users.
The company’s vice president of engineering, security, and privacy, Pedro Canahuati, said that the Silicon Valley company is expected to notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users whose passwords may have been vulnerable to prying eyes.
The California firm reaches an estimated 2.7 billion people with its core social network, Instagram and messaging applications.
Brian Krebs, of security news website KrebsOnSecurity.com, cited an unnamed Facebook source as saying the internal investigation had so far indicated that as many as 600 million users of the social network had account passwords stored in plain text files searchable by more than 20,000 employees.
The exact number had yet to be determined, but archives with unencrypted user passwords were found dating back to the year 2012, according to Krebs.
Facebook’s admission of the faux pas came after the report by Krebs.