Skip to main content

Facebook stored millions of Instagram passwords in plain text on its servers

(Image credit: Image Credit: Katherine Welles / Shutterstock)

Roughly a month ago, news broke out (opens in new tab) that Facebook had stored millions of passwords on its own servers, in plaintext. The company employees have had access to the servers, and thus the passwords, for most of the time, and although Facebook said they haven't abused the unnecessary privilege, we did know that some 2,000 engineers and devs made some nine million internal queries for data elements that contained passwords in plain text.

However, Facebook has since updated the post (opens in new tab) (as opposed to issuing a new one), in which it gave new information about the case. As it turns out, the original story of “hundreds of millions of Facebook Lite users” and “only tens of thousands of Instagram users” has now changed to “millions of Instagram users”.

“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” the update reads.

“We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Initially, the company said between 200 and 600 million passwords were exposed.

The news came the same day when Facebook was found to have been uploading email contacts of almost two million users without explicit consent.

Image Credit: Katherine Welles / Shutterstock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.