Menlo Park-headquartered social media giant Facebook has said that as part of a routine security review in January 2019, it found that some user passwords were being stored in a readable format within its internal data storage systems. However, the company has now fixed the issue and said it will be notifying the affected users.\r\n\r\nThe development comes after cybersecurity reporter Brian Krebs reported the breach, saying that the bug dated back to 2012. Even though the company has not officially given any number of users affected, Krebs report said the investigation so far indicates between 200 Mn and 600 Mn Facebook users may have had their account passwords stored in plain text and searchable by more than 20K Facebook employees.\r\n\r\nThe company said that it has found \u201cno evidence to date that anyone internally abused or improperly accessed them,\u201d but said it will notify \u201chundreds of millions of Facebook Lite users,\u201d a lighter version of Facebook for users where internet speeds are slow and bandwidth is expensive, and \u201ctens of millions of other Facebook users.\u201d\r\n\r\nThe company also said \u201ctens of thousands of Instagram \u00a0users\u201d will be notified of the exposure.\r\n\r\n\u201cIn the course of our review, we have been looking at the ways we store certain other categories of information \u2014 like access tokens \u2014 and have fixed problems as we discovered them,\u201d the company said.\r\n\r\nFacebook also explained how it stores users\u2019 passwords: \u201cIn security terms, we \u201chash\u201d and \u201csalt\u201d the passwords, including using a function called \u201cscrypt\u201d as well as a cryptographic key that lets us irreversibly replace your actual password with a random set of characters. With this technique, we can validate that a person is logging in with the correct password without actually having to store the password in plain text.\u201d\r\n\r\nAt the same time, Krebs report said that some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.\r\n\r\nThis is not the first time, social media players have faced data concerns with users\u2019 passwords. Earlier, Twitter and GitHub were hit by similar but independent bugs, but passwords were stored in plaintext and not scrambled.\r\n\r\nFacebook has been at the centre of data breach scandals over the last year and concerns of users as well as the government. The company has reportedly admitted the breach to European Union agencies under the GDPR compliance rules. But it remains to be seen if Indian government summons the company again, seeking Indian users\u2019 statistics or Facebook gets out of the scandal unscathed again.