Just a day after admitting they have “unintentionally” uploaded emails of nearly 1.5 million users, Facebook has now admitted of a breach in Instagram. The company says the new breach is in relation to the breach reported last month.
If you remember, we reported that Facebook stored passwords of Facebook users in readable form. The issue was admitted by Facebook last month and Facebook assured that it has been fixed since then. Unfortunately, it looks like the issue was not solved after all as the company admitted to storing passwords of Instagram users in plain text as well.
We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.
Our investigation has determined that these stored passwords were not internally abused or improperly accessed. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution will be notifying everyone whose passwords we found stored this way.
– Pedro Canahuati, Vice President, Engineering, Security and Privacy, Facebook
While Facebook has assured that the passwords weren’t accessed we don’t have a sure way of knowing if that’s true. So it might be a good idea to change your Instagram password and not use the old password anywhere else.