Facebook passwords for hundreds of millions of users were stored unencrypted and accessible to employees for at least seven years.
The incident, first reported by KrebsOnSecurity, is believed to have affected anywhere between 200 million and 600 million users.
As many as 20,000 employees had access to the plaintext passwords, which were stored on internal company servers.
KrebsOnSecurity also wrote that a Facebook source indicated that roughly 2,000 company engineers and developers made “nine million internal queries for data elements that contained plain text user passwords.”
Facebook confirmed the issue in a blog post on Thursday and stated that the problem was discovered last January as part of a routine security review.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” stressed Facebook’s Pedro Canahuati, VP of engineering, security, and privacy.
While the statement failed to provide specifics, Facebook estimates that it will have to notify “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
The company says it will not force password resets, but anyone concerned about the security of their account can change their password and enable two-factor authentication.
The password incident comes as Facebook attempts to rebrand itself as a privacy-conscious company following months of continuous scandals.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.