Social media giant Facebook recently admitted to storing millions of Instagram users passwords as easily accessible plain text, making them easy to view for employees or others who accessed Facebook’s systems.
PCMag reports that social media giant Facebook recently admitted to storing millions of Instagram users passwords in plain text just one month after admitting to storing “hundreds of millions” of Facebook users passwords in an unencrypted format on the sites internal servers. At the time of the initial announcement, the company states that the storing of Facebook users passwords in an insecure manner only affected “tens of thousands” of Instagram users, now it seems that is not the case.
In an update to its original post on the incident, Facebook stated: “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.” The company told PCMag in a statement that precise numbers of the accounts affected are not yet available, stating: “This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way.”
Facebook claims that it has not yet uncovered evidence of abuse or leaks of the stored account details, but many users would be wise to change their passwords as a safety precaution. Companies such as Facebook should be storing users login details via an encryption method called hashing which scrambles the login details into an unreadable format; this means that if the site suffers a data breach hackers still can’t gain access to users account details.
Facebook has yet to reveal how long these usernames and password were stored insecurely and how many employees had access to the information.