Other problems for Facebook that admitted to have stored millions of Instagram users’ passwords in plaintext
Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users, the company admitted to have ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission
In March, Facebook admitted to have stored the passwords of hundreds of millions of users in plain text, including “tens of thousands” passwords belonging to Instagram users as well.
Unfortunately the issue was bigger than initially reported, the company updated the initial press release confirming that millions of Instagram users were affected by the problem.
The disconcerting discovery was made in January by Facebook IT staff as part of a routine security review. The passwords were stored in plain text on internal data storage systems, this means that they were accessible only by employees.
Facebook quickly fixed the issue and notified the affected users.
Now Facebook confirmed to have discovered “additional logs of Instagram passwords” stored in a readable format. The social network giant pointed out that the passwords were never “abused or improperly accessed” by any of its employees.
“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed).” reads the updated statement.
Summarizing, millions of Instagram users had their account passwords stored in plain text and searchable by thousands of Facebook employees.
Let me suggest to change your password using strong ones and enable the two-factor authentication.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.