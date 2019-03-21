Facebook's (FB -0.6%) on the move again, dipping into the red, as the Krebs On Security site reports that the company stored hundreds of millions of user passwords in plaintext for years.
That's a departure from conventions where password data is encrypted.
There's an ongoing investigation into how employees were able to build applications to log unencrypted password data and store it in plaintext on internal servers.
A company source tells the site that some 200M-600M Facebook users may have had their passwords stored in that manner, and searchable by more than 20,000 company employees.
Facebook says the probe has so far found no indication that employees have abused access to the data.
Updated 12:33 p.m.: Facebook responds. "As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. ... We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way." It estimates it will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Shares are down 0.3%.
