Skip to main content

Facebook stored millions of Instagram passwords in plain text on its servers

(Image credit: Image Credit: Katherine Welles / Shutterstock)

Roughly a month ago, news broke out that Facebook had stored millions of passwords on its own servers, in plaintext. The company employees have had access to the servers, and thus the passwords, for most of the time, and although Facebook said they haven't abused the unnecessary privilege, we did know that some 2,000 engineers and devs made some nine million internal queries for data elements that contained passwords in plain text.

However, Facebook has since updated the post (as opposed to issuing a new one), in which it gave new information about the case. As it turns out, the original story of “hundreds of millions of Facebook Lite users” and “only tens of thousands of Instagram users” has now changed to “millions of Instagram users”.

“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” the update reads.

“We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Initially, the company said between 200 and 600 million passwords were exposed.

The news came the same day when Facebook was found to have been uploading email contacts of almost two million users without explicit consent.

Image Credit: Katherine Welles / Shutterstock