Facebook Inc. disclosed a flaw on its social network that made passwords of hundreds of millions of users visible to employees and said the issue has now been fixed.
During a security review in January, Facebook found that the passwords were stored in a readable format, against its security procedures, but that they were never visible to anyone outside of the company. Most of the accounts affected were using Facebook Lite, a version of the app designed for emerging markets. The company said it hasn’t found evidence this access was abused.
Facebook disclosed the problem after the security blog KrebsOnSecurity learned about it from an internal source. Krebs said the issue dated back to 2012 in some cases.
“The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees,” KrebsOnSecurity wrote.