In late September 2024, Facebook’s parent company, Meta, was fined $101 million by the EU for a 2019 security breach. That breach revealed that Meta had shamefully left hundreds of millions of passwords (600 million) unencrypted in plain text! As this password hashing article outlines, hashing passwords has been a basic best practice for more than twenty (20) years.
The fact that Meta, a multi-billion dollar company, allowed passwords to be stored in plain text is alarming. Storing passwords this way is like leaving the keys to your home on the front porch—anyone who finds them can easily walk right in. Companies are supposed to hash passwords before storing them. Hashing transforms a password into a one-way scramble that cannot be reversed back into the original password. By skipping this step, Meta made it exceptionally easy for anyone who gained access to its systems to see and use plaintext passwords. It also made those systems prime targets for attacks once word leaked about the poor security practice.
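The one-way storage described above, as an added example that is not from the original article or from Meta: a salted, deliberately slow hash (scrypt from Python's standard library) is stored instead of the password, and a login is checked by re-hashing the attempt. The cost parameters and the record layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune them for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password: str) -> dict:
    """Build the record a site stores in place of the password itself."""
    salt = os.urandom(16)  # random per user, so equal passwords hash differently
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # The parameters travel with the record so they can be raised later.
    return {"salt": salt.hex(), "hash": digest.hex(),
            "n": SCRYPT_N, "r": SCRYPT_R, "p": SCRYPT_P}


def verify_password(attempt: str, record: dict) -> bool:
    """Re-hash the login attempt with the stored salt and compare."""
    digest = hashlib.scrypt(attempt.encode("utf-8"),
                            salt=bytes.fromhex(record["salt"]),
                            n=record["n"], r=record["r"], p=record["p"],
                            dklen=32)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    print(alice["hash"] != bob["hash"])              # same password, different rows
    print(verify_password("correct horse battery staple", alice))
    print(verify_password("wrong guess", alice))
```

Someone who reads this table sees only salts and hashes, and has to spend the scrypt cost on every guess for every user.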
This incident shows we can’t rely on major corporations to protect our critical personal data. If tech giants like Meta can’t secure our data, how can we protect it ourselves? Let’s go over what you need to know and do to protect your data from any vendor, including Facebook.
Step 1: Start Using a Password Manager—Today
Any person not using a password manager is reusing passwords across multiple sites, guaranteed. The human mind cannot manage passwords well enough for any other outcome. This bad practice puts all your accounts at risk if just one site gets hacked. For Meta, any exposed password can potentially be used to access your other accounts.
A password manager is your first defense, generating and securely storing strong, unique passwords for each account. All you have to do is remember one master password. Password managers offer two additional benefits beyond setting strong passwords. First, they can alert you if a password is involved in a data breach, enabling a quick update. Second, they prevent password entry on phishing sites by not filling in credentials on look-alike websites. These features are so important given the prevalence of phishing and online attacks today.
Put simply, using a password manager not only saves you time but ensures your accounts are much harder to hack. Each account has its own unique password, reducing the risk if one password is compromised. Now, here’s the ugly truth about passwords. Even long and strong passwords are insufficient to protect your identity and authentication. You have to add Multi-Factor Authentication to your identity protection scheme. That’s what we turn our attention to next.
Step 2: Enable Multi-Factor Authentication (MFA)—Your Extra Layer of Security
Multi-Factor Authentication (MFA) is like adding a second uniquely keyed deadbolt to your digital front door. Even if someone manages to get their hands on your password (the lock’s unique key), they won’t be able to access your account without a second form of verification—such as a code sent to your phone or email, or a six-digit code from an authenticator application.
In light of the Meta breach, where passwords were stored in plain text, MFA is a critical step everyone must take to protect their accounts. Imagine a scenario where a hacker has your Meta password. If MFA is enabled, they would still need access to your second authentication method, making it difficult to break into your account without both pieces of information.
Don’t wait until after an attack to enable MFA. While it takes a bit more time to log in, that extra step can mean the difference between having your account hacked or keeping it secure.
Step 3: Embrace Passkeys—A Password-Free Future
As we look toward the future of cybersecurity and authentication measures, passkeys are rapidly supplanting antiquated passwords. They use biometric authentication, such as facial recognition or fingerprint scanning, or hardware keys to verify your identity. Unlike passwords, passkeys can’t be stolen and reused for other website authentication, making them a more robust, secure, and efficient way to log in.
While passkeys are still gaining traction, some major platforms have already started offering them. If you have the option to use a passkey, it’s worth considering. By moving away from passwords, you’re removing one of the most vulnerable parts of your security chain.
Passkeys could have prevented the Meta breach from affecting users whose credentials were exposed in plain text. As more companies adopt this technology, it will become increasingly difficult for hackers to compromise accounts using traditional methods.
Step 4: Stay Informed and Alert
The Meta breach is a reminder that even the biggest tech companies aren’t immune to security lapses. It’s easy to assume that our data is safe when stored by large corporations. However, the truth is, breaches can happen anywhere, at any time. That’s why it’s important to stay informed about the latest threats and take proactive steps to protect yourself.
Monitor your accounts regularly, and be on the lookout for suspicious activity. Set up alerts on your banking and email accounts so you’ll be notified if someone tries to log in or make unauthorized changes. If you hear about a breach involving one of your accounts, don’t wait—change your password immediately. Then enable any additional security measures (MFA/passkeys) the platform offers.
The Lesson from Meta: You Must Hold the Power Yourself
While the breach at Meta is concerning, it also serves as a valuable reminder that we all have the power to strengthen our digital defenses. Password managers, MFA, and passkeys are all tools within your reach, and they can make a significant difference in protecting your online presence. Companies like Meta may promise to safeguard our information, but in the end, it’s up to each of us to take control of our cybersecurity.
Let this breach be a turning point. Take action now to secure your accounts before it’s too late. A few simple changes today can help protect you from the growing threats of tomorrow.