Facebook admits to storing plaintext passwords for millions of Instagram users
Security
Facebook admitted today to storing the passwords of millions of Instagram users in plaintext format in internal server logs.
The announcement came as an update to an incident from last month when the company admitted to storing plaintext passwords for hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram accounts.
"We discovered additional logs of Instagram passwords being stored in a readable format," the company said in an update published today.
"We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."
Facebook said that its investigation revealed that none of these plaintext passwords were abused by employees.
Just like it did in last month's breach incident, the company did not put an exact figure on the number of impacted accounts, a practice the company has been criticized over the past few weeks.
Facebook has been very secretive about its security incidents, a fact that more users are finding annoying, especially since user privacy and security incidents are becoming more common.
In fact, the company went public with last month's "revelation" that it stored user passwords in plaintext for years only after investigative reporter Brian Krebs published an article citing an internal source.
Krebs reported that over 2,000 Facebook employee had access to the server logs on a daily basis.
It took the company years to discover the blunder.
Now, Facebook is seen as the villain again, and is being criticized on social media for trying to bury this security update by releasing it on the same day as the Mueller Report.
Facebook's worst privacy scandals and data disasters
More data breach coverage:
- Indian govt agency left details of millions of pregnant women exposed online
- Mailgun hacked part of massive attack on WordPress sites
- Microsoft discloses security breach that impacted some Outlook accounts
- A hacker has dumped nearly one billion user records over the past two months
- Over 13K iSCSI storage clusters left exposed online without a password
- Chinese companies have leaked over 590 million resumes via open databases
- Facebook passwords by the hundreds of millions sat exposed in plain text CNET
- Facebook data privacy scandal: A cheat sheet TechRepublic