According to Krebs on Security, a blog that focuses on computer security, Facebook has stored the passwords of hundreds of millions of users in plain text for years.
As a result, anyone who has access to the files can view them. Worst of all, some users have had their passwords stored this way for many years, in some cases going as far back as 2012.
Facebook has since confirmed the issue and said:
"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."
Indeed, most websites typically store user passwords using a technique known as hashing, but errors caused certain Facebook-branded apps to store users' passwords unencrypted.
In an attempt to alleviate fears, Facebook said that there's no evidence that these passwords were exposed outside of the company. However, Krebs on Security said that access logs showed that at least 2,000 Facebook employees who had access to the files searched through them, though it is not clear what for.
"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them."
As such, Facebook will not be forcing a password reset on affected users. However, they will notify users who are affected.
Source: Krebs on Security, Facebook