This time, the company acknowledges that it mishandled sensitive passwords for hundreds of millions of its users, primarily those who use its Facebook Lite product. The disclosure casts doubt on the company’s ability to protect its users’ information as it focuses more on privacy.
On Thursday, Facebook (FB) said it didn’t properly mask the passwords of hundreds of millions of its users and stored them as plain text in an internal database that could be accessed by its staff.
The company said it discovered the exposed passwords during a security review in January and launched an investigation. Facebook did not say how long it had been storing passwords in this way.
Facebook shared information about the security incident publicly soon after it was first reported by Krebs on Security.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” Pedro Canahuati, a Facebook vice president, wrote on Thursday in a post titled “Keeping Passwords Secure.”
He added that Facebook typically “masks people’s passwords when they create an account so that no one at the company can see them.”