Report: Facebook Stored ‘Hundreds of Millions’ of Users Passwords Without Encryption

The Associated Press
Marcio Jose Sanchez/AP

According to a recent report, Facebook recently confirmed that it mistakenly stored “hundreds of millions” of users passwords in plaintext without any form of encryption, leaving them vulnerable to hackers, and visible to 20,000 company employees.

Motherboard reports that the Silicon Valley giant has confirmed that “hundreds of millions” of user passwords were stored in a “readable format” meaning that as many as 20,000 company engineers and employees could easily view the passwords of users. Facebook stated in a press release that the bug was discovered during a “routine security review in January.”

“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” the company wrote in the press release. “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity.”

Independent security journalist Brian Krebs reported that anywhere between 200 to 600 million users could be affected by the issue, with some passwords in the archive dating back to 2012. This is just the latest in a long line of Facebook security breaches which have affected the company over the past few years, the most notable being the Cambridge Analytica scandal in which the accounts of 87 million Facebook users were left vulnerable.

During a hearing before the Senate, Facebook CEO Mark Zuckerberg was asked if Facebook employees could access a users account directly. Zuckerberg stated at the time: “Technically, I think somebody could do that. But that would be a massive breach. So we would never do that.”

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or email him at


Please let us know if you're having issues with commenting.