Categories
News privacy security Uncategorized

Facebook confirms millions of Instagram users’ passwords were stored on company servers in an unencrypted format

And the hits just keep on coming for Facebook.

As of March, Facebook announced that millions of its users’ passwords had been stored on company servers with no encryption. The company also stated that “tens of thousands” of Instagram passwords were also stored in the same unencrypted format.

This number has now proven to amount to million of Instagram passwords that had been stored in a readable format.

Per the company’s blog post on the issue:

Update on April 18, 2019 at 7AM PT: Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.

The unencrypted, plain text passwords had been accessible to thousands of Facebook employees. Although the company has stated that there’s no “evidence to date” of employees abusing or improperly accessing the passwords, these remain a high value target for anyone inclined.

Facebook will be notifying Instagram users whose passwords were improperly stored, and Instagram users who are concerned about their accounts should change their passwords and make sure two-factor authentication is enabled. 

The security leak comes only one day after news spread that the company had harvested the email contacts of 1.5 million users without their consent and used the data to build a web of social connections. 

Stay tuned for additional details as they become available.

Via MacRumors and Recode