Facebook says it exposed hundreds of millions of passwords

Facebook improperly stored hundreds of millions of its users’ passwords internally in a readable format, the company said on Thursday, in a revelation that will further heighten concerns about the privacy of its users’ information.

The world’s largest social network said in a blog post that during a routine review in January it had found the flaw in its internal data storage systems, adding that the company had now fixed the issue.

“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” Pedro Canahuati, vice-president of engineering, security and privacy, said.

Mr Canahuati’s post was published shortly after a blog by cyber security journalist Brian Krebs first reported on the incident, citing a Facebook source who said that the account passwords of between 200m and 600m users may have been searchable by more than 20,000 Facebook employees. 

Mr Krebs claimed that some of these passwords were available in plain text as far back as 2012.