Facebook has admitted on Thursday in a blog post, that it stored hundreds of millions of users’ passwords on their internal servers and due to a security slip those passwords were visible to the company’s staff.
The flaw in the system was uncovered during a routine security review in January. The vice president of engineering, security, and privacy Pedro Canahuati said;
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them”.
But according to the Krebs report, the passwords of about 600 million users were searchable to almost 20,000 engineers, developers and other staff members making every account’s data extremely vulnerable.
The social media giant is expected to notify tens of thousands of Facebook users, Facebook Lite users and Instagram users whose passwords may have been vulnerable to the prying eyes, as said in the Facebook’s blog post. The Krebs report also uncovered the fact that in some cases, the archives containing user passwords were found dating back to the year 2012.
This is not the first time Facebook had faced a security issue like that, last year in September, due to a breach in the website’s security, private photos of about 6.8 million users were exposed to the developers. Then in October 2018, due to a hack in Facebook’s system, the data of about 50 million social media account were affected. And this is not even the end of it, according to a report Facebook gave access of about 50 million accounts to a voter profiling company, Cambridge Analytica, which worked for Trump’s 2016 presidential election campaign.