Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

Flip the “days since last Facebook security incident” back to zero.

Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years.

The discovery was made in January, said Facebook’s Pedro Canahuati, as part of a routine security review. None of the passwords were visible to anyone outside Facebook, he said. Facebook admitted the security lapse months later, after Krebs said logs were accessible to some 2,000 engineers and developers.

Krebs said the bug dated back to 2012.

“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” said Canahuati. “We have found no evidence to date that anyone internally abused or improperly accessed them,” but did not say how the company made that conclusion.

Facebook said it will notify “hundreds of millions of Facebook Lite users,” a lighter version of Facebook for users where internet speeds are slow and bandwidth is expensive, and “tens of millions of other Facebook users.” The company also said “tens of thousands of Instagram users” will be notified of the exposure.

Krebs said as many as 600 million users could be affected — about one-fifth of the company’s 2.7 billion users, but Facebook has yet to confirm the figure.

Facebook also didn’t say how the bug came to be. Storing passwords in readable plaintext is an insecure way of storing passwords. Companies, like Facebook, hash and salt passwords — two ways of further scrambling passwords — to store passwords securely. That allows companies to verify a user’s password without knowing what it is.

Twitter and GitHub were hit by similar but independent bugs last year. Both companies said passwords were stored in plaintext and not scrambled.

It’s the latest in a string of embarrassing security issues at the company, prompting congressional inquiries and government investigations. It was reported last week that Facebook’s deals that allowed other tech companies to access account data without consent was under criminal investigation.

It’s not known why Facebook took months to confirm the incident, or if the company informed state or international regulators per U.S. breach notification and European data protection laws. We asked Facebook but a spokesperson did not immediately comment beyond the blog post.

We’ve contacted the Irish data protection office, which covers Facebook’s European operations, but did not hear back.

Google: Rel=prev/next Is Not An Indexing Signal Anymore; Help Docs Removed

Yesterday during the webmaster hangout, I noticed that the documentation on "Indicating paginated content to Google" that talks about rel=next/prev is now gone, 404ing. Also, the blog post about it from 2011 in bold reads at the top "Note: The information in this post is outdated. Rel=prev/next is not an indexing signal anymore."

Slowdown or not, China’s luxury goods still seeing high-end growth

Despite well-documented concerns over an economic slowdown in China, the country’s luxury goods market is still seeing opulent growth according to a new study. Behind secular and demographic tailwinds, the luxury sector is set to continue its torrid expansion in the face of volatility as it’s quickly becoming a defensive economic crown jewel.

Using proprietary analysis, company data, primary source interviews, and third-party research, Bain & Company dug into the ongoing expansion of China’s high-end market in a report titled “What’s Powering China’s Market for Luxury Goods?

In recent years, China has become one of the largest markets for luxury good companies globally. And while many have raised concern around a drop-off in luxury demand, findings in the report point to the contrary, with Bain forecasting material growth throughout 2019 and beyond. The analysis provides a compelling breakdown of how the sector has seen and will see continued development, as well as a fascinating examination of what strategies separate winners and losers in the space.

The report is worth a quick read, as it manages to provide several insightful and differentiated data points with relative brevity, but here are the most interesting highlights in our view:

How to Share Deals & Drive Sales with Facebook Offer Ads

Looking for ways to boost your sales, online and offline? Of course, you are! If you haven’t tested Facebook offer ads yet, let’s get you started, right here, right now.

Facebook offer ads present a deal to entice prospects to make a purchase. These customizable, mobile-only ads are excellent for both brick-and-mortar locations and ecommerce brands, as they provide options to claim offers in-store and online.

Image via adweek

In this guide to Facebook offer ads, I’m going to tell you everything you need to get started. You’ll learn how to create these ads, how to set up your campaign, and how to optimize for success. Let’s get started!

How to create Facebook offer ads

To create an offer ad, head over to Ads Manager and choose a Traffic, Conversions, or Store Traffic campaign objective. Users that claim an online offer will receive a discount code and will then be sent to your website to shop. If your offer is for in-store shopping, users will receive a barcode or a QR code that can be later used on their mobile device at checkout.

Next up, head to the ad set level to the section labeled “Offer” where you’ll see a toggle button. Switch it to “ON”.

As a heads up, if you choose Traffic as your campaign objective, this section will be visible but grayed out if you’re optimizing for landing page views, which is the automatic selection. To resolve this, head toward the bottom of the window to the Optimization & Delivery portion and click “Link Clicks” as your selection for Optimization for Ad Delivery.

If you do have a physical store location and select the Store Traffic campaign objective, but receive this error message, you will first need to add your business location(s) from your Facebook Business Page. Instructions on how to accomplish this can be located here.

Once you enable Offers and select the correct optimization feature, click “Create Offer” in the ad set level. A new window will appear where you can set up the details, run time, offer redemption type (online, in store, or both), promo code type, and total offers available. This is great, because it means you can set the terms of the offer you want to promote.

Next, select your budget, audience, and ad placements. When you move on to the ad level, both static images and video creatives are available options for Facebook offer ads. If you have video content relevant to your campaign and target audience, we encourage testing that—subtle motion goes a long way in captivating users as they scroll down feeds. Get your prospective customers to stop on mobile and view your ad, then entice them with your ad copy and special offer to click and potentially convert.

How to use promo codes with Facebook offer ads

As you’re strategizing your offer campaign and moving on to the ad creation, what kind of promo code will you use? Depending on your goals, your target audience, and how you prefer to track promo code use, you should test three types of promo codes:

  • Generic: These codes can be used by anyone. These are effective and also efficient in terms of set up. For example, you can create one specifically for all of your Facebook offers that may look a little something like this: “BOGOFB” for a buy-one-get-one-free deal or “FB25OFF” for a 25% discount. Feel free to get creative with these, but make them short and easy to remember.
  • Unique: Prefer to not have your promo codes shared around the web and potentially impact your tracking of their source? Test our unique promo codes and barcodes with your offer Ads. With these, every user that saves your offer will receive a different code. To set these up using a .csv or .txt file—instructions and specs can be located here.
  • Barcodes and QR codes: If you are using the Store Visits campaign objective, this is an excellent option to test out. Users can save your offer and redeem it at a later time in-store. Please refer to Facebook’s Ads Help Center for offer ads barcode formatting guidelines.

Send reminders, automatically

Claimed offers sitting stagnant? Worry not. Facebook has a gentle nudging solution for that. As the deal nears its expiration date, Facebook will send automatic reminds to any people who claimed an offer and didn’t yet use it. Convenient and will help raise your conversion rates given the urgency and discount factor. A notification similar to this will appear:

Once you set up an offer ad and a user saves it, they will also receive an email that may look like this:

Facebook offer ads best practices

Testing your Facebook offer Ads is the most effective way to determine what works—and what doesn’t—with your audience. But there are a few standard best practices that you should be sure to follow.

1. Edit your ads

As always, review your work before publishing, as once you publish an offer ad, you will not be able to edit. If someone does need a revision post-publishing, disable and create a new offer ad.

2. Set limits

I’ve found one thing very effective for our clients who use Facebook offer ads: set a lower limit on the Total Offers Available. More often than not, these sell out, given the lower quantity enticing higher demand. We’re also testing increments to see where our sweet spot is with selling out and not having much left over, unclaimed. Simple economics here, but it works. To set a limit on the number of offers you have available, input a quantity in the Total Offers Available option to set a maximum.

Please note, if you are using unique promo codes and setting limits, the Total Offers Available cannot exceed the number of unique codes that you upload.

3. Try geotargeting

If you are running an in-store offer, be mindful of your location targeting. If you have a physical location, you may see more success in targeting people within a particular radius targeting of the city you’re based in or by zip code, rather than showcasing your Offer to people further away. It’s easy to overlook this, but you’ll focus your budget and increase your chances of offer claims and sale-based conversions by narrowing down your targeting.

4. Test ad copy

While the creative possibilities are endless here, if you’re experiencing writer's block, one thing we’ve seen work well for a large number of our ecommerce clients is testing ad copy that mentions something along the lines of “enjoy 10% off on us” or “treat yourself to $25 off on us.”

Make your audience feel special, and be genuine about it—like you’re treating them, because after all, you are.

5. Target new users

Test out timely Facebook offer ads with cold audiences as a way to get them into your funnel and familiarized to your brand. What could be easier as a first-time incentive to try you out and see how great your products are? Typically, when people are interested in something, unfamiliarity and price are deterrents from them opening up their wallets and converting. If you have a higher priced product or are struggling to get users to convert sooner, test out Offer Ads and see if that helps your sales volume and reducing your conversion window time.

6. Remarket, remarket, remarket

 Prefer to not give a discount to cold audiences upon first touch and potentially mismanage expectations between customers and your pricing? Run other campaign types in order to drive conversions at full price. If your warmer audiences are lingering and not converting, Facebook offer ads can then step in to save the day in converting these users.

With remarketing, you can certainly get as creative as you like with your Facebook targeting options. If you’re stuck on who to reach, we often recommend targeting custom audiences such as website visitors, specific landing page visitors, newsletter subscribers, leads, or customers that you are looking to upsell or cross-sell other products.

Make it easy for your audiences to overcome any hesitation in opening their wallets by providing a valuable deal. Valuable doesn’t necessarily mean a huge discount. Deals aren’t about discounting the value of your products worth. Offers are just an extra tool you have to test out, if and when the time is right. Try out various deals to see how little of a discount it will take to convert users so that it’s a mutual win for both your business and your customers.

Image via giphy

Now you know Facebook offer ads—how to set them up, how to use them effectively, and how to reach audiences throughout your funnel to grow your business. So, go forth, set them up, and get people shopping on and offline by offering them a deal!