Millions of unencrypted Facebook passwords were accessible by more than 20,000 employees, the social media giant has admitted.
A data protection failure going back as far as 2012 saw up to 600m passwords stored in plain text, according to security researcher Brian Krebs.
The company said it will notify “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram Users” about the breach.
Facebook added that the security failure, which was discovered by the firm in January, had not been internally abused by employees, and that the passwords were not visible to anyone outside of the company.
In a statement the company said: “As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable.
“We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
The breach is the latest issue in a period of trouble for the tech company over the way it gathers and stores users’ data.
The information of around 50m users was exposed following a security flaw in September, and Cambridge Analytica was found to have used the site to harvest data.