Facebook Confirms Millions of Instagram Passwords Were Stored in Plain Text

Another day, another Facebook security-related revelation. This time it has to deal with an owned product, Instagram, and millions of passwords being stored in plain text.

On Thursday, the social networking giant, Facebook, confirmed that it had stored millions of Instagram account passwords in plain text. This is actually a new revelation on top of a story we already knew. Back in March, Facebook confirmed that “hundreds of thousands” of Facebook account passwords were stored in plain text. And, at the time, the company confirmed that “tens of thousands” of Instagram passwords were also stored in plain text.

But now the company has updated that initial blog post and revealed that “millions” of Instagram passwords were stored in plain text. This means that the passwords were stored on its servers in a readable format.

Update on April 18, 2019 at 7AM PT: Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

As was the case before, these easily readable and accessible passwords were available to Facebook employees. However, it is worth noting that the social network is sticking to its previous claim that there is “no evidence” that anyone within Facebook abused the passwords in any way, either accessing them or distributing them.

One of the more interesting bits of all this, as noted by Recode today, is that Facebook was not going out of its way to make this news public. First, the company simply updated the initial blog post which is now more than a month old. And, Thursday was a busy day for most of the morning with other political-focused news stories breaking, which is right around the time Facebook updated the blog.

So, just as a precaution, it might be worth changing your Instagram password.

Just one more thing on top of another. Have you removed Facebook and its own platforms from your life? Or do these situations only give you a momentary pause before you return to the social network?

[via Recode; Facebook]