Facebook has revealed that it exposed millions of Instagram users' passwords in a data-security lapse. The password exposure is part of the security breach that was first reported last month by Krebs on Security. Admitting the security blunder, Facebook has said that it stored the passwords of millions of users in plain text on its internal servers.
Q&A commentary from Paul Ducklin, senior technologist, Sophos:
Q. Should you close your Instagram account?
Sophos: We can’t answer that for you. Given that the wrongly stored passwords weren’t easily accessible in one database, or deliberately stored for routine use during logins, we don’t think this breach alone is enough reason to terminate your account.
Q. Should you change your Instagram password?
Sophos: Why not? It’s highly unlikely that any passwords were acquired by any crooks as a result of this, but if any plaintext passwords do end up in the wrong hands, you can be sure that the crooks will try them out right away.
So our advice is: don’t wait for Facebook or Instagram to warn you – change your password now.
Q. Should you turn on two-factor authentication?
Sophos: Yes. We’ve been urging you to do this everywhere you can anyway – it means that a password alone isn’t enough for crooks to raid your account....