Facebook has discovered that the passwords of hundreds of millions of its users were being stored in a readable unencrypted manner on its internal systems that was potentially accessible by the company’s employees.
The social media firm said the passwords were never visible to anyone outside of the company and it has not found any evidence so far that anyone internally abused or improperly accessed them.
It also says it has fixed the issue and as a precaution it will be notifying everyone whose passwords it has found were stored in this way.
Nevertheless, the problem is likely to raise concern among users and data protection regulators, coming as it does in the wake of a series of data breaches at the social network in recent years.
A spokesman for the Data Protection Commission said Facebook has informed it of the issue and it is now seeking further details from it.
It is likely the commission will be trying to establish whether or not the problem meets the threshold of a data breach as defined by the General Data Protection Regulation or GDPR.
In a blog post, the company said it discovered the problem during a routine security review in January.
"This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable," said Pedro Canahuati, Vice President of Engineering, Security and Privacy.
The company said hundreds of millions of users of Facebook Lite (a version used mostly by people in regions with lower connectivity), as well as tens of millions of other Facebook users and tens of thousands of Instagram users were impacted by the error.
It says other problems that it has discovered in the course of the review it has since conducted have also been repaired.