The passwords of millions of Facebook users were accessible by up to 20,000 employees of the social network, the BBC reports.
Security researcher Brian Krebs broke the news about data protection failures, which saw up to 600 million passwords stored in plain text.
The passwords that were exposed could date back to 2012, he said.
In a statement, Facebook said it had now resolved a "glitch" that had stored the passwords on its internal network.
In a detailed expose, Mr Krebs said a Facebook source had told him about "security failures" that had let developers create applications that logged and stored the passwords without encrypting them.
Commenting on Mr Krebs's story Facebook engineer, Scott Renfro said an internal investigation started after Facebook had uncovered the logs had not revealed any "signs of misuse".
In public comments, Facebook said it had discovered the issue in January as part of a routine security review.
And its investigation showed that most of the people affected were users of Facebook Lite, which tends to be used in nations where net connections are sparse and slow.