Facebook admits to storing plaintext passwords for millions of Instagram users
Facebook admitted today to storing the passwords of millions of Instagram users in plaintext format in internal server logs.
The announcement came as an update to an incident from last month when the company admitted to storing plaintext passwords for hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram accounts.
“We discovered additional logs of Instagram passwords being stored in a readable format,” the company said in an update published today.
“We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.”
Facebook said that its investigation revealed that none of these plaintext passwords were abused by employees.
Just like it did in last month’s breach incident, the company did not put an exact figure on the number of impacted accounts, a practice the company has been criticized over the past few weeks.
Facebook has been very secretive about its security incidents, a fact that more users are finding annoying, especially since user privacy and security incidents are becoming more common.
In fact, the company went public with last month’s “revelation” that it stored user passwords in plaintext for years only after investigative reporter Brian Krebs published an article citing an internal source.
Krebs reported that over 2,000 Facebook employee had access to the server logs on a daily basis.
It took the company years to discover the blunder.
Now, Facebook is seen as the villain again, and is being criticized on social media for trying to bury this security update by releasing it on the same day as the Mueller Report.