In March 2019, Facebook announced that millions of Facebook passwords were stored on its servers in plain text format (unencrypted). When that news surfaced, the social network said “tens of thousands” of Instagram passwords had also been stored in plain text. It turns out Facebook estimates counts a little differently than most of us.
In an update to its original blog post, Facebook now admits that millions of Instagram passwords were stored on its servers in plain text.
Update on April 18, 2019 at 7AM PT: Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.
Thousands of Facebook employees had access to the plain text, easily readable passwords. Although Facebook says there is no evidence anyone within the company abused or improperly accessed the passwords, users should still be concerned.
Instagram user names and passwords can be an attractive target for data thieves, as short names can be sold for large amounts of money, making Instagram passwords a valuable commodity.
Facebook, of course, didn’t announce the new numbers publicly, instead burying the announcement as an update to a month-old blog post. Conveniently enough, as pointed out by Recode, the social network also posted the update just before the Meuller report was released, guaranteeing the media would be distracted elsewhere. (Funny how those things work.)
(Via MacRumors)
