Facebook has now admitted that millions of Instagram users’ passwords were stored in a plain, readable text format that is also accessible to employees, potentially compromising the security of these accounts. The disclosure came after last month’s report on KrebsonSecurity, which claimed that Facebook was storing millions of passwords in plain text.
At the time, Facebook had said that only tens of thousands of Instagram users were affected, but as today’s statement shows that this is not the case. In an updated statement, Facebook wrote: “We discovered that the additional Instagram password records were stored in a readable format. We now estimate that this issue affected millions of Instagram users. We will be notifying these users as we did with the others. “
Facebook did not provide an exact number for the accounts that were affected, but the company insists that these stored passwords were not subjected to internal abuse or improper access. Facebook will start informing these users about the need to change their password.
In March, the passwords of nearly 600 million Facebook users were reported to be stored on the company’s servers in plain text. This was revealed by a report from KrebsonSecurity, and it highlighted that more than 20,000 Facebook employees can look up the passwords.
The social media network had also written a newsroom post acknowledging this problem. Users’ password files were revealed to date back to 2012. Facebook in its blog post denied that the passwords were visible to anyone outside the company. He also said there was no evidence that passwords have been abused or that his employees have accessed it improperly.
According to the report, the problem of passwords stored in plain text was first flagged in January 2019. Unencrypted passwords stored in plain text pose a significant risk to the security of these users’ accounts as they are vulnerable to being stolen by hackers. or even mistreated by employees of the firm.
Facebook insists that it has found no evidence of wrongdoing, but it does raise serious concerns about the way the firm manages user security and privacy. In other news, Facebook revealed that it may have “inadvertently uploaded” email contacts from 1.5 million new users since May 2016.
“We estimate that up to 1.5 million people’s email contacts have been uploaded. These contacts were not shared with anyone and we are removing them,” Facebook told Reuters.