Facebook has admitted to leaving the passwords of up to 600 million Facebook and Instagram users readable by its employees for years. Cybersecurity journalist Brian Krebs first alerted the general public to the vulnerability and believes that in some cases the passwords stored in plain text date back to 2012.
“We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way. To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” wrote Pedro Canahuati, VP of Engineering, Security and Privacy for Facebook.
Security expert Troy Hunt of ‘haveibeenpwned.com’, the world’s largest data breach website said that the situation may be embarrassing for Facebook, but that there’s no serious or practical impact.
It is recommended that you immediately change your Facebook password instead of waiting for an email from Facebook.