Tuesday, 23 April 2019

Update: Facebook Admits To Having Stored Millions of Instagram PLAINTEXT Passwords

Last month, Facebook publicly confessed to mistakenly saving users’ passwords in plain text. As previously reported, this exposed users’ passwords to Facebook employees. At that time, they stated that the issue affected users of Facebook Lite, Facebook, and Instagram, with Instagram having the fewest affected users. However, according to a recent update, Facebook stored many more Instagram passwords than previously estimated.

Facebook Stored More Instagram Passwords In Plain Text

As the update to Facebook’s post from last month highlights, Facebook stored more Instagram passwords in plain text than previously speculated. It means a far greater number of Instagram users have unknowingly shared their passwords with Facebook employees.
Initially, Facebook estimated the smallest impact for Instagram users and the largest for Facebook Lite users. However, they didn’t mention precise figures; instead, they used indicative words to express the impact.
“We estimate … hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.”
However, the updated section now reveals a much larger number of impacted Instagram users, since they found additional logs.
“We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users.”
Nonetheless, this time too, they didn’t mention any exact figures for the number of affected users.

Facebook Will Notify Instagram Users

With this update, Facebook says that it found more user passwords saved in plain text. The discovery drastically increases the impact of the breach for Instagram users from ‘tens of thousands’ to ‘millions’.
Since Facebook discovered additional Instagram users whose passwords were exposed to Facebook employees, they assure that they will notify the newly discovered victims.
“We will be notifying these users as we did the others.”
Once again, they reiterate that users’ privacy is safe, asserting that the exposed passwords were not abused.
“Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”
Nonetheless, their shady update, which gives no explicit details beyond news of an increased impact radius, makes it hard to believe their claims. One can only hope that the matter doesn’t get exploited.
