SAN FRANCISCO — Facebook said on Thursday that millions of user account passwords had been stored insecurely, potentially allowing employees to gain access to people’s accounts without their knowledge.

The Silicon Valley company publicized the security failure around the same time that Brian Krebs, a cybersecurity writer, reported the password vulnerability. Mr. Krebs said an audit by Facebook had found that hundreds of millions of user passwords dating to 2012 were stored in a format known as plain text, which makes the passwords readable to more than 20,000 of the company’s employees.

Facebook said that it had found no evidence of abuse and that it would begin alerting millions of its users and thousands of Instagram users about the issue. The company said it would not require people to reset their passwords.

The security failure is another embarrassment for Facebook, a $470 billion colossus that employs some of the most sought-after cybersecurity experts in the industry. It adds to a growing list of data scandals that have tarnished Facebook’s reputation over the last few years. Last year, amid revelations that a political consulting firm improperly gained access to the data of millions, Facebook also revealed that an attack on its network had exposed the personal information of tens of millions of users.