- The stored passwords can be read by thousands of Facebook employees
- The company did not reveal the exact number of passwords exposed
A day after admitting it “unintentionally” uploaded emails of nearly 1.5 million new users, Facebook has now revealed that millions of Instagram passwords were stored on its servers in a readable format. Last month, Facebook said that it fixed a security issue wherein millions of its users’ passwords were stored in plain text and “readable” format for years and were searchable by thousands of its employees. The company on Thursday revealed that millions of passwords belonging to the users of its photo-sharing service Instagram were also exposed.
“We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users,” said the social networking giant in an update.
“We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”
Facebook had found that some user passwords were being stored in a readable format within our internal data storage systems. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution will be notifying everyone whose passwords we found stored this way,” wrote Pedro Canahuati, Vice President, Engineering, Security and Privacy at Facebook.
A Facebook spokesperson admitted late Wednesday that emails of 1.5 million people were harvested since May 2016 to help build Facebook’s web of social connections and recommend other users to add as friends.
The revelation came to light after a security researcher noticed that “Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities”.
The social network said the contacts weren’t shared with anyone and were being deleted. In March, a report by Krebs On Security claimed that around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees.