Facebook reveals employees had access to millions of user passwords

In a recent report, Kerbs On Security cited a senior-level Facebook employee to confirm that the social network kept millions of user passwords in a readable text format.

Normally, passwords are hashed with a cryptographic key to prevent them from being accessed or read.

But, in this case, a string of security errors associated with Facebook's products led to the passwords being logged internally.

Following the shocking revelation, Facebook issued a statement confirming the issue.

The company didn't give exact numbers but said "hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users" may have had their passwords exposed.

Meanwhile, the source speaking to Kerbs said between 200 million and 600 million people may have been affected.

Facebook discovered the unencrypted password log as part of a routine security review in January.

Then, it patched the issues and started an investigation to understand the true scale of the exposure.

In its statement, the company claimed the passwords were not exposed to anyone outside of Facebook and there's no evidence that anyone on the inside had abused the access given inadvertently.

Even if readable passwords were stored on Facebook's internal servers, this is still a pretty big concern.

The company has more than 20,000 employees and access logs suggest that at least 2,000 of them (mostly engineers or developers) searched through the files containing passwords dating back to 2012.

These people made approximately 9 million queries, although their exact reason remains unclear.