Facebook Stored Millions of Instagram Passwords in Plaintext

Facebook has quietly revealed that it accidentally stored millions of Instagram user passwords in plaintext, a major security issue that the company had previously said only affected “tens of thousands” of users.

In a March 21st announcement titled “Keeping Passwords Secure,” Facebook stated that during a “routine security review,” it found that some Instagram passwords were being stored in a readable format. The passwords were accessible to Facebook employees, but the company didn’t find any evidence that they had been improperly accessed or leaked.

Yesterday, while the release of the Mueller report was dominating news headlines, Facebook updated the original news release with the following message:

Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.

The curious timing and method of Facebook’s revelation drew scorn from all corners of journalism, business, and tech.

If your Instagram password was one of those stored unencrypted, you’ll be receiving a message from Facebook about it. And even though Facebook doesn’t believe the passwords were compromised, you might want to go ahead and change your Instagram password, along with the password on any other account that uses the same one, just to be safe.
