Note: As part of a routine security review in January 2019, Facebook found that some user passwords were being stored in a readable format within their internal data storage systems. The issue has affected hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook has since fixed the issue.
Note: GitHub discovered that a bug exposed a small number of users' passwords to their internal logging system, recording plaintext user passwords when users initiated a password reset. The bug was fixed in May 2018, and was introduced shortly before fixing it.
Note: Due to a bug, passwords were written to an internal log before completing the bcrypt hashing, resulting in passwords being stored in plaintext in the log. The bug was fixed in May 2018.
