Social Media: Facebook lets it be known was actually ‘millions’ of users who had their Instagram passwords compromised

Social Media: Facebook lets it be known was actually ‘millions’ of users who had their Instagram passwords compromised

Facebook has admitted a huge number of Instagram clients’ passwords were vulnerable and being stored in a readable format inside its internal storage systems.

The update was snuck through in a blog post, at first posted on 21 March, with the language changing from “thousands” to “millions”.

The update was issued around 10 pm on April 18, and posted inside the first March blog entry.

It said: “Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Facebook’s Pedro Canahuati, VP of engineering, security and privacy, said the issue was discovered during a routine security review in January, and insisted the passwords were never visible to anyone outside of Facebook, and said there was no evidence of it being exploited by internal staff.

As ever, Facebook said its concern and priority was people’s privacy.

“In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them. There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” Canahuati said.

The initial revelation, posted on Facebook’s corporate site in March, revealed “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users” were left vulnerable by the system error.

Jason Hahn

Share This Post