A day after admitting it “unintentionally” uploaded emails of nearly 1.5 million of new users, Facebook has now revealed that millions of Instagram passwords were stored on its servers in a plain text and readable format, which would have potentially compromised the security of these accounts. Facebook delays its ‘Clear History’ tool yet again to Autumn 2019
Last month, Facebook said that it has fixed a security issue wherein millions of its users’ passwords were stored in plain text and “readable” format for years and were searchable by thousands of its employees. On Thursday, the company admitted that millions of passwords belonging to the users of its photo-sharing service Instagram were also exposed.
According to Krebs, the passwords were stored within Facebook and were accessible to more than 20,000 employees. Facebook said it has investigated access to the passwords, and that it found “no evidence of abuse or misuse.” It also says no passwords were exposed externally. Facebook doesn’t seem to be actively recommending that people change their passwords.
“This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way,” a Facebook spokesperson said in a statement.
The revelation came to light after a security researcher noticed that “Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities”. The social network said the contacts weren’t shared with anyone and were being deleted.
“We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users,” said the social networking giant in an update. “We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.” Facebook had found that some user passwords were being stored in a readable format within our internal data storage systems.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution will be notifying everyone whose passwords we found stored this way,” wrote Pedro Canahuati, Vice President, Engineering, Security and Privacy at Facebook. A Facebook spokesperson admitted late Wednesday that emails of 1.5 million people were harvested since May 2016 to help build Facebook’s web of social connections and recommend other users to add as friends.
As Facebook has said that it’ll be contacting all the people whose Instagram passwords were improperly stored, we hope your’s will not be on the list. We would suggest you, to change your Facebook and Instagram’s password as a precautionary measure and keep doing the same at regular intervals for the safety of your accounts.
