From The Washington Post:
Facebook on Thursday said that it had left “hundreds of millions” of users’ passwords exposed in plain text, potentially visible to the company’s employees, marking another major privacy and security headache for a tech giant already under fire for mishandling people’s personal information.
Facebook said it believed the passwords were not visible to anyone outside the company and had no evidence that its employees “internally abused or improperly accessed them.” But it said it would notify users of Facebook as well as its photo-sharing site, Instagram, that they had been affected.
The incident was first revealed by the Krebs on Security blog, which estimated the total number of affected users ranged between 200 million and 600 million. Facebook declined Thursday to confirm the estimate.
. . . .
Like most companies, Facebook said it stores passwords using a technique called hashing that’s supposed to make them unreadable. But a security review in January, detailed in a blog post Thursday, found they were actually stored in a readable format, a problem Facebook said it has since fixed. Most affected were users of Facebook Lite, the company said, a stripped-down version of the social network that’s largely in use in countries with lower Internet-connection speeds.
Link to the rest at The Washington Post
PG wonders if there is any manner in which Facebook can’t screw up.