Facebook: Storing Instagram passwords in plain text & harvesting your emails

Facebook: Storing Instagram passwords in plain text & harvesting your emails

Facebook stored millions of Instagram passwords in a readable format and asked users for their email’s passwords for “verification.”

On 21st March, 2018, the social media giant Facebook admitted that it stored passwords of 600 million users including “tens of thousands” of passwords belonging to Instagram users in plain-text which were accessible to over 20,000 employees. 

Facebook stored millions of Instagram passwords in plain-text

Now, Facebook has issued another update regarding the incident from last month revealing that it has found additional logs of Instagram passwords being stored in a “readable” format meaning that the number of leaked Instagram passwords is more than just tens of thousands. 

 “We now estimate that this issue impacted millions of Instagram users,” said Facebook.

According to Pedro Canahuati, VP Engineering, Security and Privacy at Facebook, there is no evidence that these passwords were “internally abused or improperly accessed.” However, Instagram users impacted by the incident will be notified by the company.

This is the message that Facebook sent to one of its users on April 7th.

It is worth mentioning that Canahuati did not mention the exact number of Instagram passwords that were exposed to the company’s employees. However, if you have an Instagram account, change your password right now to be on the safe side. 

See: Best password managers for 2019

Moreover, use two-factor authentication on every service that you use including Facebook, Instagram, Twitter, and Gmail, etc. In case of suspicious activity change your password again and do not use the same password for other services.

In another incident, Facebook was once again found playing with user privacy after it was caught harvesting email contacts of 1.5 million users without their consent.

According to Business Insider, from May 2016 and last month, Facebook asked millions of its new users to verify their login email address by sharing its password with the company. Once the user shared their password, Facebook would import the email address without their knowledge or permission.

In total, over 1.5 million users had their email addresses imported after forcing them to share their passwords. In a statement to BI, Facebook acknowledged the issue but claimed that “in some cases, people’s email contacts were also unintentionally uploaded to Facebook when they created their account.”

The company insists that none of these contacts were shared with anyone and they are now being deleted.

“We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings,” said the company.

See: Facebook gave Amazon, Netflix, Spotify & others access to private user data

Earlier this month, private data of 540 million Facebook users was exposed in plain text format. The data included email addresses, passwords, account IDs, identification numbers and even comments and reactions. The database was stored in plain sight without having password protection.

In case you wish you permanently delete your Facebook account follow this guide.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts