Facebook admits it was actually ‘millions’ of users who had their Instagram passwords compromised

Facebook has admitted millions of Instagram users’ passwords were vulnerable and being stored in a readable format within its internal storage systems.

The update was snuck through in a blog post, initially posted on 21 March, with the language changing from “thousands” to “millions”.

The update was issued around 10 pm on April 18, and posted within the original March blog post.

It said: “Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Facebook’s Pedro Canahuati, VP of engineering, security and privacy, said the issue was discovered during a routine security review in January, and insisted the passwords were never visible to anyone outside of Facebook, and said there was no evidence of it being exploited by internal staff.

As ever, Facebook said its concern and priority was people’s privacy.

“In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them. There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” Canahuati said.

The initial revelation, posted on Facebook’s corporate site in March, revealed “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users” were left vulnerable by the system error.


Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella Asia newsletter now.



Sign up to our free daily update to get the latest in media and marketing