According to a report on Krebs on Security, Facebook has been storing hundreds of millions of user passwords in plain text for years, exposing them to anyone with internal access to the files. The passwords are normally protected with encryption, but a series of errors led to Facebook-branded apps exposing users’ passwords to the tech giant’s 20,000 employees.
Facebook has confirmed this in a blog post yesterday titled Keeping Passwords Secure. The company revealed that it has affected “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.” The issue was identified in January during a security review, and has since been fixed. The social media giant insists that there’s no evidence showing that the plain text passwords were abused internally or exposed outside of the company. They also said users won’t be required to reset their passwords. However, at least 2,000 Facebook employees had searched through the password files — for reasons unknown — so you’d probably want to change your password regardless of Facebook’s statement.
In other social media news, check out how this coder faked his Instagram account to amass 28,600 followers and a bunch of free meals.