Facebook released a notice in March 2019 stating several million user passwords were kept in a readable unencrypted format on their own internal servers.  However, Facebook maintains that this data was never publicly available or misused and will notify individual users affected by this issue.