Facebook, one of the largest technology companies in the world, has admitted it stored the passwords of hundreds of millions of users in plain text.
In a press release issued yesterday, the social media giant confirmed it has known about the security flaw since January but nevertheless maintains protecting information is its highest priority.
Facebook believes the passwords weren’t accessible to anyone outside Facebook and said it has “no evidence to date” anyone within the company abused or improperly used the information.
It said the flaw has been fixed and all affected customers will be notified.
The security flaw predominately affects Facebook Lite, a version of the social network used most by people in regions with poor internet connectivity.
Independent security journalist Brian Kerbs, who first broke details of the flaw yesterday, said between 200-600 million users may have had their account passwords stored in plain text dating back to 2012.
Usually, sensitive user data would be encrypted, although large tech companies like Twitter have also admitted to accidentally storing passwords in plain text in recent years.
Facebook has been subject to widespread criticism over its own track record with data breaches, last October admitting over 50 million accounts were compromised by a large-scale security issue.
The social media giant did not divulge how many Australian users may have been affected by this latest flaw but has been contacted for comment.
Thousands of Instagram users and “tens of millions” of other users will also be contacted in relation to the security flaw.
The company also yesterday advised users to touch up their account security by enabling two-factor authentication and to avoid reusing passwords across different services.