Skip to main content

Facebook admits it insecurely stored ‘millions’ of Instagram passwords in plaintext

Last month, Facebook revealed that millions of Instagram and Facebook passwords were stored in plaintext and were accessible by engineers. Now, the company has issued an update on the situation, revealing that the situation is worse than it originally stated.

As first noted by TechCrunch, Facebook today updated its blog post from March 21st about the incident. The company says that it has discovered “additional logs of Instagram passwords” that were stored in a readable format. In terms of scale, Facebook says this issue affected “millions of users.”

On the flip side, Facebook adds that its investigation determined that these passwords were not “abused or improperly accessed.” Nonetheless, affected users will be notified by Instagram and instructed to change their passwords.

Here’s Facebook’s full update on the situation:

“We discovered additional logs of Instagram passwords being stored in a readable format,” the company said. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Last month, Facebook said that it found through a “routine security review” that some user passwords were being stored in a readable format within our internal data storage systems. Today’s update on the situation, however, paints a much darker picture – revealing that millions of Instagram users were affected by the security lapse.

It still seems that the passwords were not accessible outside of Facebook and Instagram employees. Last month, the company said that 2,000 engineers and developers could have accessed the passwords.

As always with an incident like this, you’ll want to change your Instagram and Facebook credentials just to be safe, even if you don’t hear from Instagram that you were technically affected. Furthermore, this is yet another example of why you should use password management software like 1Password and LastPass to keep track of your credentials, and avoid using the same passwords across multiple services.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Subscribe to 9to5Mac on YouTube for more Apple news:

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications