Facebook left hundreds of millions of users’ passwords in plain text

The tech giant Facebook, after a series of security and privacy problems, recently stated that it had left “hundreds of millions” of users’ passwords exposed in plain text. The exposed passwords are said to have been potentially visible to nearly 20,000 company employees.

The incident was first revealed by the Krebs on Security blog, which estimated the total number of affected users to be between 200 million and 600 million. Facebook declined to confirm this estimate and said that the passwords were stored in an internal database accessible only to some company employees. The passwords were not visible to anyone outside the company. Facebook said that it has no evidence that its employees “internally abused or improperly accessed the exposed data.”

Generally, a tech company of this size stores users’ passwords using a technique called hashing, which makes them unreadable. But a security review in January found that Facebook had actually stored them in a readable format. Facebook’s vice-president, Pedro Canahuati, said in a blog post that “we have fixed these issues and as a precaution, we will be notifying everyone whose passwords we have found were stored in this way.”


The exposed data affected hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. This is not the first time Facebook has faced security and privacy issues. Earlier, in October, a hacker stole login tokens and used them to access personal information in 29 million accounts. The company needs to change its practices, or it might face strict action in the future.