Facebook admitted to having stored millions of Instagram users’ passwords in plaintext

Pierluigi Paganini April 19, 2019

More trouble for Facebook, which admitted to having stored millions of Instagram users’ passwords in plaintext.

Yesterday, Facebook made the headlines once again for alleged violations of its users’ privacy: the company admitted to having ‘unintentionally’ collected contacts from 1.5 million email accounts without permission.

In March, Facebook admitted to having stored the passwords of hundreds of millions of users in plain text, including “tens of thousands” of passwords belonging to Instagram users.

Unfortunately, the issue was bigger than initially reported: the company updated its initial press release, confirming that millions of Instagram users were affected by the problem.

The disconcerting discovery was made in January by Facebook IT staff as part of a routine security review. The passwords were stored in plain text on internal data storage systems, which means that they were accessible only by employees.

Facebook quickly fixed the issue and notified the affected users.

Now Facebook has confirmed that it discovered “additional logs of Instagram passwords” stored in a readable format. The social network giant pointed out that the passwords were never “abused or improperly accessed” by any of its employees.

“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed,” reads the updated statement.


Summarizing, millions of Instagram users had their account passwords stored in plain text and searchable by thousands of Facebook employees.

I suggest changing your password to a strong one and enabling two-factor authentication.


Pierluigi Paganini

(SecurityAffairs – Instagram, privacy)
