Hundreds of millions of Facebook passwords were left unencrypted and visible to internal employees—the latest in a series of privacy concerns at the social network.
Facebook confirmed the reports Thursday, saying it had fixed the issues and it did not believe anyone outside the company had accessed the information, nor had it found any evidence the data was improperly accessed internally.
However, the company said, it will send notifications to anyone whose passwords were stored in this manner, but won’t require they be reset.
“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” said Pedro Conahuati, vice president of engineering, security and privacy, in a blog post. “Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity.”
The confirmation followed a report from cybersecurity reporter Brian Krebs, who estimates between 200 million and 600 million users might have had their account passwords “stored in plain text and searchable by more than 20,000 Facebook employees”
Facebook has been the subject of several privacy breaches in the past year, including a security flaw in December that affected 6.8 million users. Founder and CEO Mark Zuckerberg has vowed to improve privacy on the service, but that hasn’t soothed angry users, some of whom are suing Facebook and many of whom are deleting their accounts.