Facebook announced that they learned that the passwords of hundreds of millions of users were stored in plain text during a security review conducted in January. The company immediately fixed the issue once it was discovered.
"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," Pedro Canahuati, Facebook's Vice President of Engineering for Security and Privacy wrote in a blog post. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."
Security researcher Brian Krebs broke the news on his blog, shortly before Facebook's announcement. He said that a Facebook employee told him that between 200 and 600 million passwords were stored in the database, and that around 20,000 people had access to it.
The social media company said that they have "found no evidence to date that anyone internally abused or improperly accessed" the passwords. Facebook plans to notify users of the issue and suggests that they change their password as a precaution.
“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data,” Facebook software engineer Scott Renfro told Krebs. “In this situation what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”
Photo: Getty Images