Facebook Stored Hundreds of Millions Passwords in Plain Text, Thousands of Employees Had Access
Facebook today announced that during a routine security review it discovered "some user passwords" were stored in a readable format within its internal data storage systems, accessible by employees.
As it turns out, "some user passwords" actually means hundreds of millions of passwords. A Facebook insider told KrebsOnSecurity that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included, and Facebook claims many of the passwords came from Facebook Lite users.
Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, but KrebsOnSecurity's source says 2,000 engineers or developers made around nine million internal queries for data elements that contained plain text user passwords.
Facebook employees reportedly built applications that logged unencrypted password data, which is how the passwords were exposed. Facebook hasn't determined exactly how many passwords were stored in plain text, nor how long they were visible.
Facebook plans to notify users whose passwords were improperly stored, and the company says that it has been looking at the ways certain categories of information, such as access tokens, are stored, and correcting problems as they're found.
"There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook," reads Facebook's blog post.
Facebook and Instagram users who are concerned about their account security should change their passwords, using unique passwords that are different from passwords used on other sites. Facebook also recommends users enable two-factor authentication.
Popular Stories
Apple is planning to launch new MacBook Pro models as soon as early March, but if you can, this is one generation you should skip because there's something much better in the works.
We're waiting on 14-inch and 16-inch MacBook Pro models with M5 Pro and M5 Max chips, with few changes other than the processor upgrade. There won't be any tweaks to the design or the display, but later this...
Wednesday February 11, 2026 10:07 am PST by
Juli CloverApple today released iOS 26.3 and iPadOS 26.3, the latest updates to the iOS 26 and iPadOS 26 operating systems that came out in September. The new software comes almost two months after Apple released iOS 26.2 and iPadOS 26.2.
The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update.
According to Apple's release notes, ...
Apple plans to release an iPhone 17e and an iPad Air with an M4 chip "in the coming weeks," according to the latest word from Bloomberg's Mark Gurman.
"Apple retail employees say that inventory of the iPhone 16e has basically dried out and the iPad Air is seeing shortages as well," said Gurman. "I've been expecting new versions of both (iPhone 17e and M4 iPad Air) in the coming weeks."...
The MacBook Air is Apple's most popular laptop – a thin, fanless machine that wields quiet power thanks to the efficiency of Apple silicon. While the M4 model isn't exactly old, attention is already turning to its successor.
Apple doesn't telegraph new product launches ahead of time, but we can draw a surprisingly clear picture of what to expect by looking at Apple's silicon roadmap,...
Apple plans to announce the iPhone 17e on Thursday, February 19, according to Macwelt, the German equivalent of Macworld.
The report said the iPhone 17e will be announced in a press release on the Apple Newsroom website, so do not expect an event for this device specifically.
The iPhone 17e will be a spec-bumped successor to the iPhone 16e. Rumors claim the device will have four key...
