The Associated Press reports:
Facebook left millions of user passwords readable by its employees for years, the company acknowledged Thursday after a security researcher exposed the lapse. By storing passwords in readable plain text, Facebook violated fundamental computer-security practices.
Those call for organizations and websites to save passwords in a scrambled form that makes it almost impossible to recover the original text.
The security blog KrebsOnSecurity said Facebook may have left the passwords of some 600 million Facebook users vulnerable. In a blog post, Facebook said it will likely notify “hundreds of millions” of Facebook users that their passwords were stored in plain text.