Facebook engineers built applications that stored unencrypted passwords on internal servers which could be searched by over 20,000 employees.
It looks as though Facebook is in hot water once again today as it has been revealed up to 600 million Facebook users had their passwords stored in plain text on the social network’s internal servers as far back as 2012.
As KrebsonSecurity reports, a Facebook source who asked for anonymity confirmed that between 200 and 600 million users had their passwords stored free of encryption on the company’s servers. The data was being collected by a number of applications, leaving them available to view in plain text. The internal servers are accessible by over 20,000 employees, meaning any of them could have searched the list and potentially abused the data.
