Facebook has confirmed it left millions of user passwords readable by its employees for years, after a security researcher posted about the issue online.

 

By storing passwords in readable plain text — as opposed to a scrambled form, which makes it almost impossible to recover the original text — Facebook violated fundamental computer security practices.

 

"There is no valid reason why anyone in an organisation, especially the size of Facebook, needs to have access to users' passwords in plain text," cybersecurity expert Andrei Barysevich said.

 

Facebook said there was no evidence its employees abused access to this data — but thousands of employees could have searched the passwords.