Facebook admits to storing plaintext passwords for millions of Instagram users

Ruben Fields
April 19, 2019

After admitting last month tens of thousands of passwords were stored in the readable format, Facebook has now revealed the issue has actually impacted millions.

"It has emerged that millions of Instagram users" passwords were accidentally stored in plain text on Facebook's servers.

Just yesterday news emerged that Facebook may have "unintentionally uploaded" email contacts of 1.5 million new users since May 2016. Facebook Lite is designed for people with older phones or slow internet connections.

The social network's handling of user data has been a flashpoint for controversy since it admitted past year that Cambridge Analytica, a political consultancy, used an app that may have hijacked the private details of 87 million users.

Facebook has again reiterated that there has been no evidence of misuse of this password data.

Three climate change activists charged over obstructing a train during London protests
However, police said they were limited in the action they could take as the protests were disruptive, rather than violent. Heathrow Airport said it was working with police to address threats of protest that may disrupt the airport.

So far, Facebook hasn't revealed how long it had been storing the Instagram passwords in plain text, what caused it, or how many employees may have had access to the information.

"We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way", said the original post from the company.

The number of users whose password had been compromised range from almost 200 million to 600 million, said the report.

Facebook and Instagram users concerned about their password security can change it online in the settings part of their account.

Facebook reaffirmed that there is no indication that the data was improperly accessed or abused, despite being accessible to more than 20,000 Facebook employees, adding that affected Instagram users will be notified that their passwords were improperly stored. Still, it's one more black eye for a company that's been dealt its fair share in recent weeks, with one of the most recent being a deep-dive into the company published on Monday by Wired, titled "15 Months of Fresh Hell Inside Facebook".

Other reports by

Discuss This Article