Millions of Instagram passwords exposed within Facebook, company says

Facebook revealed Thursday that millions of Instagram user passwords had been stored in unprotected text accessible by the company's employees.

The company disclosed the information as an update to a March blog post in which it admitted that hundreds of millions of users' Facebook passwords had been left unprotected within the company's servers.

ADVERTISEMENT

While the original post said tens of thousands of Instagram user passwords had been exposed, Facebook said it has since discovered many more Instagram passwords exposed in the same way.

"Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," Facebook wrote in the update. "We now estimate that this issue impacted millions of Instagram users."

"We will be notifying these users as we did the others," the company added.

Facebook said a statement to The Hill that the issue has been "widely reported" and stressed that it has not uncovered any misuse of the passwords.

"We want to be clear that we simply learned there were more passwords stored in this way," the Facebook spokesperson said, adding they have not found any "evidence of abuse or misuse of these passwords."

Cybersecurity reporter Brian Krebs in March in reported that up to 600 million Facebook passwords had been exposed in an internal database that was searchable by employees. Shortly after, Facebook in the blog post said it had found user passwords were stored "in a readable format within our internal data storage systems." 

"This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable," Facebook wrote. "We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way." 

According to Krebs, some of the passwords had been stored in plain text as early as 2012.