It’s time to change your Facebook password: Facebook employees had access to millions of user passwords, new report confirmed
Apparently, Facebook stored hundreds of millions of its users' account passwords in plain text for years. These passwords were available to and searchable by thousands of Facebook employees — in some cases going back to 2012.
According to the latest findings, first reported Thursday by cybersecurity journalist Brian Krebs, Facebook stored “hundreds of millions” of account passwords without encryption, viewable as plain text by tens of thousands of company employees. The social giant later confirmed the report in a blog post on its website. The incident could have affected as many as 600 million users, a significant portion of Facebook’s user base of 2.7 billion people.
KrebsOnSecurity said that “Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.”
In a post, Pedro Canahuati, Facebook VP Engineering, Security and Privacy, said that as part of a routine security review in January, Facebook found that some user passwords were being stored in a readable format within its internal data storage systems. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way,” Canahuati added.
Citing a Facebook insider, Krebs said that “access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.” He went on to quote the source: “The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds” of affected users, the source said. “Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse.”