Remember when Facebook announced its password snafu back in March? It turns out that the security blunder was much more significant that initially announced, since the issue also encompassed millions of Instagram passwords.
According to an updated security blog post originally published March 21, Facebook discovered additional logs of Instagram passwords stored in readable text. Facebook said the issue affected “millions” of Instagram users.
The good news is that Facebook’s investigation found no abuse or improper access of the affected Instagram passwords. The investigation also found that the passwords were not accessible outside of Facebook and Instagram employees. That said, Instagram will reach out to affected users and instruct them on how to change their passwords.
This is Facebook’s second password issue in less than a month. On March 21, a “routine security review” found that internal Facebook servers were storing millions of plain-text, unencrypted user passwords.
As with today’s announcement, no one outside of Facebook employees supposedly saw the passwords. Facebook estimated that it would notify hundreds of millions of Facebook Lite users and tens of millions of other Facebook users and encourage them to change their passwords.
At the time, Facebook said it would look at different ways to store information related to its users, including things like access tokens. We don’t know if Facebook is still looking for different ways to store user information or whether it already found a different way.