The credentials were not made available outside of Facebook according to the company, but sources close to Krebs on Security said that these credentials might be searchable by over 20,000 employees of the company. For context, Facebook employed 35,587 people by the end of 2018.
According to Facebook, the problem was discovered in January through a routine security review. The company normally masks passwords using techniques that make them unreadable but according to a source who talked to Krebs on Security, this issue may have existed since 2012. Facebook says that it has fixed the issue and is now in the process of informing affected Facebook, Facebook Lite, and Instagram users to change their passwords as a safety measure. Considering the severity of Facebook’s blunder, We do advise everyone to change their passwords, even if you’re not affected. (Source: Facebook, Krebs on Security)
