Facebook Reveals Millions of Instagram Passwords Stored As Text

Facebook’s password security breach last month was worse than initially reported.
John Loeffler

Facebook has admitted that millions of Instagram passwords were stored on internal Facebook servers in readable plain text format, not thousands as initially claimed back in March.

Millions of Instagram Passwords Compromised

Last month, Facebook revealed that millions of Facebook Lite users had their passwords stored on internal company servers in a readable plain text format that was accessible by regular company employees, and claimed that “thousands” of Instagram accounts were affected as well. Now, the number of Instagram accounts affected by the breach of basic security standards appears to number in the millions.


In an update to the initial March 21 blog post by Pedro Canahuati, Facebook’s Vice President for Engineering, Security, and Privacy, revealing the breach, the company said: “Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Timing of Revelation Draws Suspicion by Some

Facebook’s update comes on a day where the US news media and social media environment is consumed by the release of Robert Mueller’s special counsel’s report on Russian interference in the 2016 US Presidential Election, which also explores whether President Donald Trump or members of his campaign were involved in the effort—the report concluded that there was no criminal conspiracy—as well as whether the President committed Obstruction of Justice.

The timing of the update by Facebook has been suggested by some as an effort to release the news as quietly as possible.

Most Popular
message circleSHOW COMMENT (1)chevron