KrebsOnSecurity first broke the news on Tuesday that 200 million to 600 million users could have had their passwords stored in plain text, citing a source from inside Facebook.
Canahuati said Facebook has now fixed this particular issue, as well as some problems the company has discovered in other security features, such as the code by which users log in through other apps.
"This caught our attention because our login systems are created to mask passwords using techniques that make them unreadable", he added. "In this situation what we've found is these passwords were inadvertently logged but that there was no actual risk that's come from this".
Thankfully, Facebook says there is no evidence this security breach was exploited by any nefarious individuals.
Facebook software engineer Scott Renfro went on record with Krebs, saying that the firm doesn't have the exact numbers, including the number of employees who could have accessed the passwords. But according to Krebs, in some cases the passwords had been stored in plain text since 2012.
Facebook disclosed the problem after the security blog KrebsOnSecurity learned about it from an internal source.
He added: "Right now they're working on an effort to reduce that number even more by only counting things we have currently in our data warehouse".
He also mentioned the use of other features Facebook offers to prevent someone from using stolen user credentials to log in to its services, including two-factor authentication (2FA) through the mobile application or via text message, or the use of a USB security key.
The fact that the company couldn't manage to do something as simple as encrypting passwords, however, raises questions about its ability to manage more complex encryption issues - such as in messaging - flawlessly.
While an investigation has been started, it is not yet clear precisely how many account passwords are involved or exactly how long they were stored in this way. Oftentimes, companies will "hash" the password, running it through a cryptographic program that spits out a different string of characters, and store that instead.
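As an added illustration (not code from Facebook or from the reporting above), this Python sketch shows the two controls the story touches on: storing only a salted hash of the password, and scrubbing password fields before a log line is written. The iteration count, field names and sample requests are assumptions constructed for the example.

```python
import hashlib, hmac, io, logging, os, re

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example

def hash_password(password: str) -> str:
    """Return 'salt$digest' (hex); this is the only form that gets stored."""
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

# Matches password=..., "password": "...", pwd: ... in form data or JSON.
SECRET_RE = re.compile(
    r'(?i)\b(password|passwd|pwd)(["\']?\s*[=:]\s*["\']?)([^\s"\'&,}]+)')

def redact(text: str) -> str:
    return SECRET_RE.sub(r"\1\2[REDACTED]", text)

class RedactPasswords(logging.Filter):
    """Scrub the fully formatted message before any handler writes it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), None
        return True

def demo() -> list[str]:
    """Log two constructed login requests and return what reached the log."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactPasswords())
    log = logging.getLogger("login-demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.info("POST /login user=alice password=%s&next=/home", "hunter2")
    log.info('body={"user": "bob", "password": "correct-horse"}')
    return buf.getvalue().splitlines()

if __name__ == "__main__":
    stored = hash_password("hunter2")
    print(stored, verify_password("hunter2", stored), verify_password("guess", stored))
    print("\n".join(demo()))
```

A pattern-based filter like this is a backstop: values containing spaces or quotes can slip past it, so credential fields are best kept out of logging calls in the first place.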
Last week, Facebook CEO Mark Zuckerberg touted a new "privacy-focused vision" for the social network that would emphasize private communication over public sharing.