HomeWinBuzzer NewsFacebook Admits Millions of Instagram Passwords Were Stored in Plain Text

Facebook Admits Millions of Instagram Passwords Were Stored in Plain Text

Facebook says millions of Instagram users were affected by a bug that stored their passwords in a readable format on internal servers. The company says no abuse was discovered, but employees inadvertently returned the records in their searches.


admits that it severely underreported a bug that stored passwords in plaintext. Last month, the company reported that “tens of thousands” of the platforms user's were affected, but new logs suggest it was in the millions.

“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” says the giant. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.”

As before, Facebook says it has no evidence of the misuse of these passwords. A former admittance of improperly stored Facebook passwords puts the readable number at hundreds of millions.

However, it's worth noting that these details were allegedly searchable by 20,000 Facebook employees. Krebs On Security says 2,000 engineers of developers “made approximately nine million internal queries for data elements that contained plaintext user passwords”.

“We've not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data,” Facebook's Renfro assured the publication. “In this situation what we've found is these passwords were inadvertently logged but that there was no actual risk that's come from this.”

Worrying PR Tactics

Regardless of the risk, a major concern is Facebook's selective publication of the update just before the long-awaited Mueller report went live. Previously, the company has launched a tool to inform users of exposure to Russian Propaganda just before Christmas (via CNN). The initial announcement of the tool was the day before Thanksgiving.

The company also released a report about its failure to prevent political division tactics the night before the US midterm election. Thankfully, it's trivial to keep an eye on Facebook's announcements via RSS these days, so media outlets will always pick it up. It's just a matter of whether users will see them.

It's important that as many users see vital security updates as possible. Facebook doesn't appear to be recommending a password change, but it's better to be safe than sorry. is another company to under-report security issues recently, first implying its Outlook breach didn't contain emails, then going back on the statement.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News