An anonymous Facebook source informed Krebs today that at some point in January their security team discovered they had been logging millions of user passwords in plaintext, surprising exactly no one. These logs were presumably never accessible to anyone outside of Facebook, but might have been accessed by employees. While passwords were encrypted in transit and hashed in storage, in logs they were unsecured.
Facebook has released a statement regarding this leak, saying little beyond that they've been reviewing their logging practices and found this same issue in several other places. Hopefully they learn from this and improve their practices, and inspire other teams to review their own policies.