In another privacy bomb, Facebook admits storing millions of Instagram passwords in plain text
Last month Facebook Inc. admitted that it had stored thousands of Instagram users’ passwords in plain text, open for viewing by people at certain levels in the company. Today the company said that number is actually in the millions.
“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” Facebook said in an update Thursday on the original admission. “We now estimate that this issue impacted millions of Instagram users.”
Facebook said in the original post that the issue affected “tens of thousands of Instagram users,” adding that “hundreds of millions of Facebook Lite users” had also had their passwords exposed. The company has stated that there is currently no evidence of abuse of this mistake, but reports suggested about 20,000 people may have had access to the passwords.
“This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way,” a company spokesperson said in a statement.
You could say it’s been a bad year or so for Facebook, perhaps the nadir being the Cambridge Analytica scandal, but issues and subsequent apologies have been pretty much constant for a while now. Today the bad news virtually came back-to-back with more bad news.
Just hours before the Instagram revelation, Facebook revealed that it had unintentionally uploaded the email contacts of 1.5 million users to its systems. If you joined Facebook anytime between May 2016 and March 2019, you could be a victim.
During the sign-up process, users were asked to provide email and password, after which Facebook then imported contacts without notifying the user. There was no way to opt out. Users were notified with an “importing contacts” message, but there was nothing the user could do to stop it.
The company has since said it’s in the process of deleting this data and will let its customers know when the process is complete, but this latest mistake isn’t exactly a good look for a company whose standards seem so full of holes.
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We are holding our third cloud startup showcase on Sept. 22. Click here to join the free and open Startup Showcase event.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.