Facebook Stored Millions of Instagram Users’ Passwords in Plaintext


Facebook late last month revealed that the social media company mistakenly stored passwords for “hundreds of millions” of Facebook users in plaintext, including “tens of thousands” passwords of its Instagram users as well.

Now it appears that the incident is far worse than first reported.

Facebook today quietly updated its March press release, adding that the actual number of affected Instagram users were not in hundreds of thousands but millions.

These plaintext passwords for millions of Instagram users, along with millions of Facebook users, were accessible to some of the Facebook engineers, who according to the company, did not abuse it.

According to the updated post, Facebook discovered “additional logs of Instagram passwords” stored in a readable format, but added that its investigation revealed that the stored passwords were never “abused or improperly accessed” by any of its employees.

Here’s the full updated statement posted by the company:

“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

The latest revelation comes in less than a day after it was revealed that Facebook had stored up to 1.5 million users’ contact information on its servers, without their consent or knowledge, since May 2016.

To be on the safer side, The Hacker News recommends you to change their Facebook and Instagram passwords immediately, even if you don’t receive any email from Instagram or Facebook.

Also, make sure you have enabled two-factor authentication for the services.

Source: https://thehackernews.com/2019/04/instagram-password-plaintext.html

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Next Post

'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy

The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims’ computers with DNSpionage—a […]