Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access

by

Facebook today announced that during a routine security review it discovered "some user passwords" were stored in a readable format within its internal data storage systems, accessible by employees.

As it turns out, "some user passwords" actually means hundreds of millions of passwords. A Facebook insider told KrebsOnSecurity that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included, and Facebook claims many of the passwords came from Facebook Lite users.

facebooksecurity
Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, but KrebsOnSecurity's source says 2,000 engineers or developers made around nine million internal queries for data elements that contained plain text user passwords.

Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed. Facebook hasn't determined exactly how many passwords were stored in plain text, nor how long they were visible.

Facebook plans to notify users whose passwords were improperly stored, and the company says that it has been looking at the ways certain categories of information, such as access tokens, are stored, and correcting problems as they're found.

"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.

Facebook and Instagram users who are concerned about their account security should change their passwords, using unique passwords that are different from passwords used on other sites. Facebook also recommends users enable two-factor authentication.

Tag: Facebook

Popular Stories

Apple Wallet ID Illinois

Apple Plans to Expand iPhone Driver's Licenses to These 7 U.S. States

Wednesday December 24, 2025 8:40 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future. To set up the...
Read Full Article66 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Next Year With These 12 New Features

Tuesday December 23, 2025 8:36 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models. The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID Front camera in...
Read Full Article99 comments
maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article180 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
airpods color prototypes

Apple Tested AirPods in Bright Colors

Saturday December 27, 2025 6:06 am PST by
Apple reportedly tested a version of the first-generation AirPods with bright, iPhone 5c-like colored charging cases. The images, shared by the Apple leaker and prototype collector known as "Kosutami," claim to show first-generation AirPods prototypes with pink and yellow exterior casings. The interior of the charging case and the earbuds themselves remain white. They seem close to some...
Read Full Article77 comments
maxresdefault

10 Mac Apps Worth Trying in 2026

Wednesday December 24, 2025 9:27 am PST by
2026 is almost upon us, and a new year is a good time to try out some new apps. We've rounded up 10 excellent Mac apps that are worth checking out. Subscribe to the MacRumors YouTube channel for more videos. Alt-Tab (Free) - Alt-Tab brings a Windows-style alt + tab thumbnail preview option to the Mac. You can see a full window preview of open apps and app windows. One Thing (Free) -...
Read Full Article101 comments
top stories 2025 12 27

Top Stories: iPhone Fold Mockup, Where's the New Apple TV?, and More

Saturday December 27, 2025 6:00 am PST by
Merry Christmas and Happy Holidays from MacRumors! News in the Apple world has unsurprisingly been relatively slow over the past week, but Apple's upcoming foldable iPhone managed to make its way back into the news, while we also shared updates on current and future Apple TV news. iOS 26.3 will be bringing some new features, particularly for users in the EU, so we'll look for additional...
Read Full Article16 comments

Top Rated Comments

dannyyankou Avatar
dannyyankou
89 months ago
Delete Facebook and delete your accounts
Score: 104 Votes (Like | Disagree)
wesleypitts Avatar
wesleypitts
89 months ago
How is this company not being criminally prosecuted?
Score: 84 Votes (Like | Disagree)
JimmyBanks6 Avatar
JimmyBanks6
89 months ago
While many are saying "is anyone surprised" I actually am at this.

This is one of the largest corporations in the world, whose sole business is its internet applications, and they ignored one of the most basic security expectations of hashing a password?

That is absolutely surprising and shameful and there is no excuse from them that is acceptable.
Score: 47 Votes (Like | Disagree)
AngerDanger Avatar
AngerDanger
89 months ago
Consider my mind blown.

Score: 35 Votes (Like | Disagree)
1050792 Avatar
1050792
89 months ago
I'm shocked at Facebook's lack of security!
Said nobody.
Score: 34 Votes (Like | Disagree)
johnalan Avatar
johnalan
89 months ago
Disgusting.


Use privacy enhancing tech or pay the price, in future privacy will be currency.

* GPG
* Veracrypt
* Monero
* VPN
* DuckDuckGo
* Pi.hole
Score: 31 Votes (Like | Disagree)
Read All Comments