Facebook confirmed Thursday that hundreds of millions of user passwords were being stored in a “readable format” within its servers, accessible to internal Facebook employees. Affected users will be notified, Facebook said, so they can change those passwords.
Interestingly, Facebook downplayed and confirmed the problem in the same post, filed Thursday, after researcher Brian Krebs issued his own report. Facebook’s Pedro Canahuati, vice president of engineering for security and privacy, initially referred to “some” user passwords that were accessible to Facebook employees. A paragraph later, he revealed that “hundreds of millions of Facebook Lite users, millions of Facebook users, and tens of thousands of Instagram users” would be notified.