Facebook has conducted a routine security review and found that passwords for hundreds of millions of users were stored in plain text and visible to the company’s employees.
The social media platform said in a blog post that these passwords were never visible to anybody outside of Facebook, and it found no evidence that anyone internally abused or improperly accessed them.
Facebook said it has fixed the issue, which it attributed to a problem with its login system that is designed to mask passwords – adding that it would notify everyone whose passwords were stored in plain text and made accessible to the company’s employees.
“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” the company said.
Affected users can change their passwords and enable two-factor authentication to keep their account secure.