The National Privacy Commission (NPC) on Friday, March 22, criticized social networking giant Facebook for “lax internal controls” that resulted in the exposure of user passwords.
Facebook admitted that millions of passwords were discovered in January to be stored in a readable format within its internal data storage systems. The admission followed a revelation by a security expert, who claims that this practice has been going on since 2012 and that the passwords could be accessed by more than 20,000 Facebook employees.
In a statement, NPC chair Raymund E. Liboro said the storage of Facebook passwords in plain text needlessly exposed its users to risk.
“Passwords that are stored in plain text are more easily and readily stolen by those who intend harm; they may even be compromised by accident,” Liboro said.
The NPC said that Facebook has so far not found any evidence that anyone internally abused or improperly accessed the dataset, and that the company will be notifying everyone affected.
“Even if there is shown to be no evidence of abuse, there is little comfort in knowing that the world’s largest repository of personal data practices such lax internal controls,” Liboro said.
In a 2018 study, the Ponemon Institute (a global information security think tank) found that 60% of businesses indicated that their data breaches come from negligent employees or contractors.
The NPC has advised users who received notice from Facebook to change their passwords immediately and enable multi-factor authentication.