Facebook admitted that for some time kept the user passwords in plain text on the company’s internal servers. Access was only for employees. Affected hundreds of millions of Facebook Lite accounts, tens of millions – Facebook, tens of thousands – Instagram.
Users affected by this leak will receive a notification from Facebook.
Security specialist Brian Krebs specifies the scale of the incident: passwords have been available for several years to 20,000 Facebook employees. Some have been stored in plain text since 2012.
Facebook did not find evidence that any of the employees abused their access to confidential data. Now the developers have repaired everything, and the stored passwords are properly encrypted.
The company reminds that it tracks all cases of authorization. If this happened from an unfamiliar device or in an unfamiliar place, the system will prompt the user to answer additional questions for verification. You can subscribe and receive notifications about such strange authorizations.