    Facebook Admits It Stored Millions of Instagram Passwords in Plain Text


    With the media focus largely on the release of special counsel Robert Mueller's report on allegations of collusion between the Trump campaign and Russia during the 2016 election, Facebook took the opportunity on Thursday to reveal that it messed up (again) and stored millions of Instagram passwords on unencrypted internal servers.

    The social media giant first gave notice of its mistake in a March 21 blog post, titled "Keeping Passwords Secure." The post was written by Pedro Canahuati, the company's vice president of engineering, security and privacy, and focused on Facebook's previous announcement that it had mishandled millions of Facebook and Instagram passwords, storing them in a "readable format within our internal data storage systems."

    "To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," reads the post. "We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users."

    Now, less than a month after that post was published, Facebook has issued an update, stating that it has since found additional Instagram passwords stored incorrectly on servers. Rather than the "tens of thousands" it previously said were impacted, the platform is now stating that the mishap affected millions of Instagram users.

    "Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," reads the April 18 update. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."

    "Our investigation has determined that these stored passwords were not internally abused or improperly accessed," it goes on to claim.

    Facebook initially discovered the error in January when it was conducting a routine security review. According to website Krebs on Security, unprotected passwords were "searchable by more than 20,000 Facebook employees," and some archives dated back to 2012.

    A source familiar with the matter told the website prior to the March announcement that "the legal people" at Facebook were "more comfortable" with reporting lower numbers, and that they were "working on an effort to reduce that number even more by only counting things we have currently in our data warehouse."

    This latest development comes as federal prosecutors are conducting a criminal investigation into Facebook's sales of user data to other tech companies. The New York Times reported in March that a grand jury in New York had subpoenaed documents from at least two well-known companies.
