Facebook said Thursday that an internal security review found the passwords of hundreds of millions of users had been stored on company servers without encryption, but that no passwords were leaked and the company has found no indication the sensitive data was improperly accessed.
The issue was first reported by security researcher Brian Krebs, who published a blog post Thursday detailing that Facebook employees built applications that captured the passwords of users and stored them as plain text, meaning a password would be readable just the same as it is entered to log in.
Shortly after Krebs published his post, Facebook issued its own poston the security issue.
"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," Pedro Canahuati, vice president of engineering for security and privacy at Facebook, wrote in a blog post. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."
The company said it will be notifying all affected users as a precaution.
Our IP Address: