Last month, Facebook admitted in a blog post that it had inadvertently stored “hundreds of millions” of user account passwords in plaintext for years, dating as far back as 2012.
Facebook said the unencrypted passwords were stored in logs which were accessible to around 2,000 engineers and developers. Facebook has not explained how such a basic step of storing users passwords in encrypted text was missed, the company said that the data was not leaked outside of the company.
Since the announcement Facebook has updated the blog post to state that they discovered additional logs of Instagram passwords being stored in a readable format.”
“We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”
It’s hard to believe that Facebook can guarantee these passwords were not abused in anyway considering it’s taken so long to acknowledge that so many passwords were left exposed. Facebook has also been caught harvesting approximately 1.5 million users email contacts as well. Facebook is constantly in the news over their lack of basic privacy and security features.