Facebook had stored millions of user passwords in plain text for years, the social media company confirmed on Thursday after a security researcher posted about the issue online.
Facebook says there is no evidence that employees had abused access to this data.
"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," vice president of engineering, security, and privacy Pedro Canahuati said in a blog post.
Password of 600 million users stored
The incident reveals a huge oversight for the company amid a slew of bruises and stumbles in the last couple of years.
The security blog KrebsOnSecurity says some 600 million Facebook users may have had their passwords stored in plain text.
Facebook said in a blog post on Thursday it will likely notify "hundreds of millions" of FacebookLite users, millions of Facebook users and tens of thousands of Instagram users.