Facebook passwords for hundreds of millions of users were stored unencrypted and accessible to employees for at least seven years.
The incident, first reported by KrebsOnSecurity, is believed to have affected anywhere between 200 million and 600 million users.
As many as 20,000 employees had access to the plaintext passwords, which were stored on internal company servers.
KrebsOnSecurity also wrote that a Facebook source indicated that roughly 2,000 company engineers and developers made “nine million internal queries for data elements that contained plain text user passwords.”
Facebook confirmed the issue in a blog post on Thursday and stated that the problem was discovered last January as part of a routine security review.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” stressed Facebook’s Pedro Canahuati, VP of engineering, security, and privacy.
While the statement failed to provide specifics, Facebook estimates that it will have to notify “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
The company says it will not force password resets, but anyone concerned about the security of their account can change their password and enable two-factor authentication.
The password incident comes as Facebook attempts to rebrand itself as a privacy-conscious company following months of continuous scandals.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.