Facebook announced on Thursday that “hundreds of millions” of users’ passwords had been stored in unprotected plain text accessible by the company’s employees, KrebsOnSecurity has learned.
In a blog post titled, “Keeping Passwords Secure,” the social media giant said it had found no reason to believe the trove of passwords had been abused by its workers or accessed by anyone outside the company.
“There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” Pedro Canahuati, the company’s vice president for engineering security and privacy, wrote in the post.
Facebook’s password woes come amid a tough month for the social network. Last week, The New York Times reported that federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world’s largest tech companies.
Earlier in March, Facebook came under fire from security and privacy experts for using phone numbers provided for security reasons — like two-factor authentication — for other things (like marketing, advertising and making users searchable by their phone numbers across the social network’s different platforms).