Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Published: 23/11/2024   Category: security




2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.



An internal Facebook investigation has found between 200 million and 600 million of its users may have had their account passwords stored in plain text for years, meaning they could have been searched and accessed by more than 20,000 Facebook employees.
The issue was first reported by KrebsOnSecurity, which cites a senior Facebook employee familiar with the ongoing investigation saying archives have been found with unencrypted user passwords dating back to 2012. Investigators are still working to determine the total number of user passwords affected and length of time they were exposed.
Facebook reports the problem was detected in January during a routine security review, when it saw some passwords were being stored in readable format on internal data storage systems.
In a blog post, Pedro Canahuati, vice president of engineering, security and privacy at Facebook, says the company's login systems are designed to mask passwords using tactics that make them unreadable. He says the passwords were not visible to anyone outside Facebook and there is no evidence anyone within the company abused or improperly accessed passwords. Further, Facebook has fixed the issue and will notify people whose passwords were found unencrypted.
"We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users," Canahuati says. Because there's no indication passwords were exposed, users won't be required to change them.
The anonymous source who spoke with KrebsOnSecurity says Facebook access logs indicate about 2,000 engineers or developers made some nine million internal queries for data elements with plain text passwords. While there's no sign of abuse, it's still unclear why they did this.