A slew of Facebook employees had access to anywhere between 200 million and 600 million user passwords, dating back to 2012, according to cybersecurity journalist Brian Krebs and reported by CNBC.
The passwords were stored without encryption and viewable in plain text to thousands of company employees. Facebook confirmed the cybersecurity journalist’s findings in a blog post.
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage system,” Facebook wrote in a statement to CNBC. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we found we stored this way.”
Facebook’s blog post did not state the exact number of users affected. A company software engineer said no information has been misused and said, “there was no actual risk that’s come from this.”
The social media company started notifying users March 21 and has 72-hours to notify the affected.