New York (CNN Business) Facebook revealed on Thursday it didn't properly mask the passwords of hundreds of millions of its users and stored them as plain text in an internal database that could be accessed by its staff. The company said it discovered the exposed passwords during a security review in January and launched an investigation. Facebook did not say how long it had been storing passwords in this way. Facebook shared information about the security incident publicly soon after it was first reported by Krebs on Security"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," Pedro Canahuati, a Facebook vice president wrote on Thursday in a post titled, "Keeping Passwords Secure." He added that Facebook typically "masks people's passwords when they create an account so that no one at the company can see them."

Source: CNN March 21, 2019 16:19 UTC