http://www.digitaljournal.com/tech-and-science/technology/facebook-internally-exposes-millions-of-passwords/article/545859

Facebook internally exposed millions of passwords

Posted Mar 21, 2019 by Tim Sandle
A security researcher has discovered that the passwords of millions of Facebook users have been accessible to up to 20,000 employees of the social network, a major internal security lapse.
Security researcher Brian Krebs has discovered a significant data protection failure at Facebook. This resulted in some 600 million passwords being stored in plain text. This is not a recent issue, for the passwords exposed could date back to 2012. These passwords have potentially been searchable by more than 20,000 Facebook employees.
On his website, Krebs writes: "My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords."
It had been thought it was Facebook's practice to mask people's passwords by replacing them with random characters, and then tucking away software keys that are needed to make sense of the jumble.
According to the BBC, Facebook has responded by stating that it has resolved what it is euphemistically terming a "glitch". Facebook implies that it has corrected the way that passwords are stored on its internal network. The company also said it will be notifying affected users.
A Facebook spokesperson has said: "These passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them."
This reassurance aside, Facebook is also investigating the causes of a series of security failures whereby its employees built applications that logged unencrypted password data for Facebook users.
Motherboard reports that Facebook is not the only social media company to have made such a mistake. Recently, both GitHub and Twitter admitted having exposed passwords in plaintext within their systems.