Facebook says Millions of Instagram Passwords Exposed As They Were Stored in Plain Text

Facebook finds itself in hot waters once again as passwords of its users were being exposed. Although this time the passwords of users on Facebook’s Instagram were exposed instead of their own platform.

Earlier, there were reports that Facebook stored passwords of its users in plain text. This meant that passwords of millions of Facebook users were visible to their employees.

The same thing has happened now with Instagram. Instagram users’ passwords were similarly being stored in plain text. Therefore, Instagram’s employees could see all the passwords of its users. Shockingly, the employees were also able to search for user passwords.

Earlier, Facebook reported that only tens of thousands of passwords were exposed. However, the company now says that the breach was more severe than expected.

Facebook says Millions of Instagram passwords, instead of thousands, were exposed

The report goes back in March when Facebook acknowledged that its systems had a security lapse which exposed passwords of ‘tens of thousand’ users. However, the company now says that the lapse was much more severe than they previously anticipated. The earlier estimate of tens of thousands of passwords being exposed has now reached millions.

But maintaining its earlier stance, Facebook says that the passwords were stored on a private server. Thus, they were not accessible to outsiders at all. Though, it means that the passwords were visible to the company’s employees. Facebook’s official blog post from March accepted that both the Facebook Lite and Facebook users’ passwords were exposed.

If you are familiar with Facebook Lite, it was designed for users with low internet connectivity and those who have entry-level smartphones. Therefore, passwords of Facebook Lite users being exposed is something to worry about. Those are the users who have comparatively less knowledge of the technical side of things.

In any company, even in startups; passwords are expected to be stored in encrypted form. But Facebook storing its user’s passwords in plain text is a serious cause of concern. As Facebook had claimed earlier, it has found “no evidence” that any of its users misused the passwords.

Facebook spokesperson, on this matter, said that

This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way.

With this update, Facebook has made matters worse for itself as it already had a bad year in terms of security. As with Facebook users, the company will start notifying Instagram users about the breach as well.