(NBC) Facebook acknowledged that it left hundreds of millions of user passwords un-encrypted for years.
The issue was first reported by a security researcher in a blog post who says the passwords were accessible by “some 2,000 engineers and developers.”
In its own blog post, Facebook said an internal security review found that the passwords had been stored in a readable format on company servers.
The company said there is no evidence that passwords were leaked and no sensitive data was improperly accessed.
All affected Facebook, Facebook Lite and Instagram users will likely be notified as a precaution.