Facebook on Thursday acknowledged having stored hundreds of millions of user passwords in plain text when they should have been encrypted. This followed a report from cybersecurity journalist Brian Krebs that said this has been happening "in some cases going back to 2012." Krebs reported that "between 200 million and 600 million" users have been affected. In a blog post, Facebook didn't provide an exact number but said it would notify "hundreds of millions" of affected Facebook and Instagram users. These unencrypted passwords were reportedly searchable in a database that could be accessed by 20,000 Facebook employees. Facebook says it discovered this during a security review in January but found "no evidence to date that anyone internally abused or improperly accessed the passwords."
need to know now