Regardless of your usage of Facebook, you’ll have noticed that the company was involved in a fair few privacy-related incidents over the past few months. There was that time when sensitive data was leaked by third-party apps, then the “accidental” upload of email contacts for 1.5 million users, and of course, the plain-text passwords of millions being accessed by the company’s employees. In a rather unfortunate turn of events, Instagram has contracted password plain-textitis too.
In an April 18 update to the rather ironically titled ‘Keeping Passwords Secure’ post which detailed the previous plain-text password incident, Facebook revealed that millions of Instagram users were affected too. The update reads as follows:
Update on April 18, 2019 at 7AM PT: Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed).
Unlike the main service itself, the company says that while passwords of millions of users (how many is unknown) were stored in a ‘readable format’, employees did not improperly access them. That said, it’s hardly easy to take Facebook’s word on this one given its many recent missteps.