Skip to main content

Facebook stored millions of passwords in plain text

(Image credit: Image Credit: Alexey Boldin / Shutterstock)

Facebook has been storing hundreds of millions of passwords for both Facebook and Instagram in plain text on its servers

This was announced by KrebsOnSecurity, which revealed an undisclosed number of Facebook employees were working on different apps in the Facebook ecosystem, and in that work, somehow managed to create a database of user passwords, which were stored, unencrypted, on company servers.

From what we know so far, some 20,000 people potentially have had access to this database - but we do know that this opportunity was not abused. 

At least that's what Facebook software engineer Scott Renfro told KrebsOnSecurity. Another KrebsOnSecurity’s insider (an unnamed one) added that some 2,000 engineers and devs made some nine million internal queries for data elements that contained passwords in plain text.

The passwords (between 200 and 600 million) go way back to 2012 in some instances.

Facebook was relatively quick to react, saying it will notify its users of what happened. Facebook Lite users (the lightweight version for slow-speed, low-spec devices), Facebook users and Instagram users will be notified.

It reiterated that no one outside Facebook has had access to this database and so far, it seems as no one from inside Facebook abused the ‘privilege’. However, it’s better to be safe than sorry, so you might as well change your password.

Image Credit: Alexey Boldin / Shutterstock