Facebook has logged the passwords of 200 million to possibly 600 million users for years in plain text and stored them on internal servers. As a result, more than 20,000 employees of the company were able to search it.
The unencrypted storage happened due to a series of security flaws in applications that logged the passwords. An anonymous Facebook employee told Krebs on Security that. Internal logs would show that two thousand employees have made about nine million queries regarding the passwords.
The company is looking for exact causes that led to the security vulnerabilities. The analysis showed that the oldest passwords were created in 2012. It is not clear on which date the latest passwords were created.
Facebook confirms the storage of the unencrypted passwords and has informed hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users about the incident. Facebook will not force users to change their passwords. The company would have no indications of abuse and emphasizes that these could only be viewed internally.
The issues came to light in January this year when security engineers reviewed new code. The analysis revealed that the passwords were accidentally logged in plain text.