Facebook's security issue left passwords open to up to 20,000 company employees, and according to KrebsOnSecurity, "access logs showed some 2000 engineers or developers made approximately 9 million internal queries for data elements that contained plain-text user passwords". However, none of those users will be required to change their password, since Facebook says the plain-text data stayed in internal hands; still, as a safety precaution, "You can change your password in your [device] settings on Facebook and Instagram" and "Avoid reusing passwords across different services", said Canahuati. Users are encouraged to choose strong, complex, and preferably unique passphrases, and to enable two-factor authentication wherever possible.
Facebook normally protects sensitive data such as passwords with hashing and salting; it did not do so with this batch of inadvertently logged passwords, which sat in plain text and was accessible to hundreds of Facebook employees. For 14 million people, according to the company, the attackers were able to view personal data posted on Facebook, such as gender, relationship status, place of residence, date of birth, or recently visited places.
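As an added illustration (not Facebook's code), the two handling paths the article contrasts: a log check that flags and redacts credential fields before a line is written, and salted hashing so that only a digest is ever stored. The log lines and the list of sensitive field names are constructed assumptions.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Constructed sample log lines (not real data) showing how a debugging
# statement can carry a credential into an access log in clear text.
SAMPLE_LOG_LINES = [
    "POST /login user=alice password=hunter2 status=200",
    "POST /login user=bob pwd=correcthorsebatterystaple status=401",
    "GET /profile user=alice status=200",
]

# Assumed field names that must never reach a log unredacted.
SENSITIVE_FIELDS = ("password", "passwd", "pwd", "pass")
_SENSITIVE_RE = re.compile(
    r"\b(" + "|".join(SENSITIVE_FIELDS) + r")=(\S+)", re.IGNORECASE
)


def find_plaintext_secrets(line: str) -> List[str]:
    """Return the sensitive field names found in clear text in a log line."""
    return [m.group(1).lower() for m in _SENSITIVE_RE.finditer(line)]


def redact(line: str) -> str:
    """Replace the value of every sensitive field with a fixed marker."""
    return _SENSITIVE_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted scrypt digest; only (salt, digest) is ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the digest for the candidate and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    for line in SAMPLE_LOG_LINES:
        flag = "LEAK" if find_plaintext_secrets(line) else "ok  "
        print(flag, redact(line))
    salt, digest = hash_password("hunter2")
    print(verify_password("hunter2", salt, digest), verify_password("wrong", salt, digest))
```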
Krebs said that the company has been storing these passwords without securing them since 2012. Facebook Lite users (the lightweight version for slow-speed, low-spec devices), Facebook users and Instagram users will be notified. The company's internal investigation claimed to have found no evidence of password-related impropriety. "There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook."
Trust in Facebook is already badly damaged, and has been for the past year, since the Cambridge Analytica scandal broke in 2018.
The company confirmed that it is notifying affected users.
Facebook announced in December that it had exposed the private photos of as many as 6.8 million users without their permission. It is surprising that a company the size of Facebook has been so careless here, since protecting passwords is fundamental. Specifically, Facebook stored "hundreds of millions" of passwords in plain text.
GitHub and Twitter were hit by a similar, but independent, bug a year ago.