Facebook has fixed a bug that the platform mistakenly kept a copy of passwords of many of its users that were stored in plain text and were visible to the social network’s employees.

“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” Pedro Canahuati, Facebook’s Vice President for Engineering, Security, and Privacy, wrote in a statement on Thursday.

The passwords for Facebook and Instagram users were logged and stored as early as 2012.

According to Facebook, there’s no evidence that the plain text passwords were exposed outside the company or that they were abused internally. Although we suggest there is no evidence to the contrary. As a result, Facebook will notify all users affected by the bug, but won’t require them to change their passwords.

We recommend changing your Facebook password now! This is the latest in a string of bad security issues for Facebook. So we remind you to be careful of what you post online.