Facebook, Inc. (NASDAQ: FB) stored anywhere from 200 million to 600 million users’ passwords in plain text and was searchable by more than 20,000 employees, according to a report by Krebs on Security.
Facebook confirmed the report by Krebs saying that in a routine security check in January the Company realized that some user passwords were being stored in a readable format within Facebook’s internal data storage system.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.” said Pedro Canahuati, Facebook Vice President of Security and Privacy in a press release.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them. We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity.” added Canahuati.
Facebook didn’t specify how many users were affected, but said it will begin to notify users so they can change their passwords. Facebook also highlighted a procedure and steps to take to keep users’ accounts safe and protected.
Facebook’s password privacy concern comes shortly after a criminal probe was launched last week. The investigation will look into a report about Facebook sharing data with at least two tech companies, a smartphone and device maker. Reports suggests that a grand jury in New York has already subpoenaed records from those two companies.
The reports also said that Facebook shared over hundreds of millions of users’ data with these companies. Specifically, the data accessed revealed users’ friends, contact information, and other data without their consent.
Among Facebook’s partners, it also includes major tech firms such as Amazon (NASDAQ: AMZN), Apple (NASDAQ: AAPL), Microsoft (NASDAQ: MSFT), and Sony (NYSE: SNE).
Facebook’s repeated privacy scandals has concerned many users as well as investors, causing its stock price to fall by 21.3% since it’s all-time high last year in July.
Facebook Chief Executive Officer Mark Zuckerberg said in a post regarding the criminal probe that he will move the Company to offer a more private and encrypted service for its users. Zuckerberg wants to allow Facebook users to securely send messages to another without it having been saved or accessed by someone else.