Facebook will notify users whose passwords were stored in a way that could have been in a readable format within its internal data storage system.
In a news release, Pedro Canahuati, vice-president of engineering, security and privacy, said Facebook found several user passwords were being stored in this readable format.
The security flaw was caught during a routine security review conducted in January, he said.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution will be notifying everyone whose passwords we found were stored in this way,” he said.
Canahuati said the social media giant will be contacting hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.
He clarified that the passwords “were never visible to anyone outside of Facebook” and there was no evidence that anyone internally has abused or improperly accessed them.
“There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” he wrote.