The credit for c***up of the year goes to Facebook. The company keeps promising things but as it now turns out it stored the passwords of hundreds of millions of users completely unencrypted, yes that would be plain text on internal servers readable to anyone who had access to the server and files.
According to the official press release of Facebook "hundreds of millions of users of Facebook Light, tens of millions of other Facebook users and tens of thousands of Instagram users are informed" that their password has been affected by the incident.
Facebook already noted that during a "routine security check " in January that "some passwords" were mistakenly stored in a readable format on the company's internal data stores, and thus not in unencrypted form. Meanwhile, "the bug" has been fixed, affected users would now be informed about security, so Facebook. The company assures that the passwords were not visible outside the company and there is no evidence that they have been misused by employees. Nevertheless, if you have received the notification, you should immediately change your passwords on Facebook and Instagram.
According to the information provided by the security researchers of Krebs on Security, the number of affected accounts is estimated at 200 to 600 million. According to an anonymous Facebook source, more than 20,000 Facebook employees potentially have access to passwords stored in plain text.
Facebook stored millions of passwords unencrypted