Friday, 19 April 2019

Facebook Stored Millions of Instagram Passwords in Plaintext

Facebook has quietly revealed that it accidentally stored millions of Instagram user passwords in plaintext, a major security issue that the company had previously said only affected “tens of thousands” of users.

In a March 21st announcement titled, “Keeping Passwords Secure,” Facebook stated that during a “routine security review,” it found that some Instagram passwords were being stored in a readable format. The passwords were accessible to Facebook employees but the company didn’t find any evidence that they had been improperly accessed or leaked.

Yesterday, while the release of the Muller report was dominating news headlines, Facebook updated the original news release with the following message:

Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.

The curious timing and method of Facebook’s revelation drew scorn from all corners of journalism, business, and tech:





If your Instagram password was one of those stored unencrypted, you’ll be receiving a message from Facebook about it. And even though Facebook doesn’t believe the passwords were compromised, you might want to go ahead and change your Instagram password and any other account that uses the same password anyway, just to be safe.



from PetaPixel https://petapixel.com/2019/04/19/facebook-stored-millions-of-instagram-passwords-in-plaintext/

No comments:

Post a Comment