Not a day goes by when we don’t hear of another Facebook screw-up.
Just yesterday news emerged that Facebook may have “unintentionally uploaded” email contacts of 1.5 million new users since May 2016. Within 24 hours of that news, Facebook has yet again, some not-so-good news to share with us.
It has emerged that millions of Instagram users’ passwords were accidentally stored in plain text on Facebook’s servers. This means that Facebook employees could access these passwords. Just last month we had heard about how Facebook employees had access to around 600 million users’ password in plain text. Back then Facebook had said that of this lot, around ‘tens of thousands’ of passwords belong to Instagram users. Now it turns out that number isn’t in the thousands, but in millions.
Facebook added an update to its blog on this matter, which was originally published on 21 March.
“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed,” read the update.
Facebook has again reiterated that there has been no evidence of misuse of this password data. Facebook had said the same about the 600 mn passwords earlier. Those passwords were accessible to as many as 20,000 Facebook employees and dated back as early as 2012, cybersecurity blog KrebsOnSecurity said in its report.
The number of users whose password had been compromised range from nearly 200 million to 600 million, said the report. The breach came into light after a senior Facebook employee familiar with the matter came forward on the condition of anonymity. The cybersecurity blog stated that the anonymous Facebook insider revealed that access logs of some 2,000 Facebook employees showed that nearly nine million internal queries were made for data elements that contained plain text user passwords.
While Facebook has said that it will inform users whose passwords may have been part of this list, it is best to change your Instagram password right now. Go to Account > Settings > Privacy and Security > Password to change your password.