So far, Krebs said on his blog Thursday, between 200 million and 600 million Facebook users likely had their account passwords logged in unencrypted text files. The passwords were theoretically searchable by 20,000 Facebook employees, though access logs indicate only about 2,000 did so. The company said users won’t have to change their passwords, though they’re welcome to do so. But typically those passwords are obscured by “hashing” and “salting” them, so that even if someone accesses the data, the passwords themselves are still hidden. Facebook typically does this, but in some cases engineers apparently neglected to “hash” and “salt” some of the passwords they were collecting.
Source: Huffington Post March 21, 2019 21:45 UTC