Facebook has now admitted that millions of Instagram users’ passwords were stored in plain, readable text and were accessible to employees, which could have compromised the security of these accounts. The revelation comes after last month’s report on KrebsOnSecurity, which stated that Facebook was storing millions of passwords in plain text.
At that time, Facebook had said that only tens of thousands of Instagram users were impacted, but as today’s statement proves, this is not the case. In an updated statement, Facebook wrote, “We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.”
Facebook did not give an exact number for the accounts that were impacted, but the company insists that these stored passwords were not internally abused or improperly accessed. Facebook will start informing these users about the need to change their password.
Back in March, it was reported that passwords of close to 600 million Facebook users were stored on the company’s servers in plain text. This was revealed by a KrebsOnSecurity report, which highlighted that the passwords were searchable by over 20,000 Facebook employees.
The social media network had also written a newsroom post acknowledging this problem. It was revealed that the archives of user passwords went back to 2012. Facebook in its blog post denied that the passwords were visible to anyone outside of the company. It also said there was no evidence that the passwords were abused or improperly accessed by its employees.
According to the report, the issue of passwords being stored in plain text was first flagged in January 2019. Passwords stored unencrypted in plain text pose a major risk to the security of these users’ accounts, as they are vulnerable to being stolen by hackers or even misused by employees of the firm.
Facebook insists it has found no evidence of wrongdoing, but the incident does raise serious concerns about how the security and privacy of users were being managed by the firm. In other news, Facebook revealed that it may have “unintentionally uploaded” email contacts of 1.5 million new users since May 2016.
“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we are deleting them,” Facebook told Reuters,