Millions of Instagram passwords stored in plaintext says Facebook

  • Facebook disclosed this security issue in a blog post that it had published earlier on storing millions of user passwords in plaintext.
  • The company mentioned that these Instagram passwords were not abused or accessed by its employees.

In another revelation on Thursday, Facebook disclosed that it stored millions of Instagram users' passwords in plaintext. The social networking company mentioned this incident in an update to its earlier blog post about passwords kept in plaintext in its storage systems.

Last month, Facebook admitted that it stored millions of user passwords in ‘a readable format’ after it conducted a security review in January this year. The platforms included Facebook, Facebook Lite and Instagram.

The big picture

  • Facebook said in an update that it came across additional logs of Instagram passwords that were stored in a readable format.
  • The company suggests that the issue affected millions of Instagram users and said that it would inform the affected users. Previously, the number of affected Instagram users had been reported as ‘tens of thousands’.
  • It has also emphasized that these unencrypted passwords were not being abused or accessed by its employees.
  • The update did not hint at any resolution or workaround for securing these passwords.

Large number of users at risk

Facebook has not revealed the exact number of users affected in the plaintext incident, either for Instagram users or for Facebook users. However, the user base involved might be very large. KrebsOnSecurity had earlier reported that the incident had spanned more than a hundred million users.

“The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees,” Brian Krebs wrote. Only future investigations can reveal the actual number of users affected by this incident.

Cyware Publisher