Facebook has acknowledged that it stored hundreds of millions of user passwords in plaintext files for years. What’s even worse is that the files were accessible to Facebook employees.
This incident came to light after cybersecurity journalist Brian Krebs published a report on Thursday. The report confirmed that the security blunder dates back to 2012. He mentioned that between 200 million and 600 million user accounts were affected. Their passwords were stored in plain text on Facebook’s internet server, and close to 20,000 Facebook employees had access to the files. He also mentioned that an estimated 9 million queries were made against the database that contained plaintext user passwords.
Soon after the report was published, Facebook also published a blog post claiming that the flaw was discovered in January. The company also claims that it found no evidence that anyone internally abused or improperly accessed the data. But you can only believe Facebook if you really trust the company.
Facebook now says that it will notify the “hundreds of millions” of affected Facebook Lite users, “tens of millions” of regular Facebook users, and “tens of thousands” of Instagram users about the issue and will ask them to change their passwords.
It is also worth noting that Facebook claims to have found the issue in January but promised to notify users only after this incident came into the