An internal investigation at Facebook in January found hundreds of millions of passwords that we an open book sitting on Facebook's internal servers. This means it was possible for Facebook's employees to come across these credentials and potentially use them in fraudulent ways.
Facebook has reportedly found no evidence to date that any of it's employees used the information to improperly gain access into accounts according to Pedro Canahauti, Facebook's vice president of engineering security and privacy who addressed the finding in a blog post Thursday.
Security standards recommend that all passwords are encrypted and not sitting around in plain text. It is unclear how a large corporation like Facebook had so many credentials potentially exposed. Facebook said it hashes and encrypts passwords so the case is still under investigation.
Facebook is expected to soon begin notifying members whose passwords were found stored in the open without encryption as a precaution as the issue has been fixed according to Canahauti.