Hundreds of millions of Facebook users’ passwords were stored in plain text, completely searchable by Facebook employees for years.
Some users had their passwords stored in plain text as early as 2012, according to a senior Facebook source who spoke to KrebsOnSecurity. The source, speaking on condition of anonymity, says that somewhere between 200 million and 600 million Facebook users were affected. More than 20,000 Facebook employees would have had access to these plain text passwords.
Shortly after KrebsOnSecurity published its story, Facebook posted its own statement by its vice president of engineering, security and privacy, Pedro Canahuati. He states that the company first discovered the issue during “a routine security review in January.” Read more…
More about Facebook, Instagram, Cybersecurity, Passwords, and Password Security