Facebook admits MILLIONS of Instagram passwords were stored in plain text, giving its employees unfiltered access to users' accounts

Facebook said Thursday that millions of Instagram passwords have been left exposed on its servers. 

In a blog post, the social media giant said that it discovered additional passwords were stored in plain text, after believing it was limited to tens of thousands of users.  

That means the information was readable and searchable by more than 20,000 Facebook employees.


Facebook said Thursday that millions of Instagram passwords have been exposed. In a blog post, the social media giant said that it discovered passwords were stored in plain text

WHAT SHOULD YOU DO NOW? 

According to Facebook, all users who were affected by the password issue will be notified.

This is includes:

  • Facebook: Tens of millions of users
  • Facebook Lite: Hundreds of millions of users
  • Instagram: Millions of users 

For now, Facebook is not requiring any users reset their passwords as a result of the issue. 

Users can choose to do this on their own, however, for peace of mind.

For added protection, the firm also recommends setting up a security key or two-factor authentication through a third party authentication app. 

ADVERTISING

The company disclosed the major security oversight in an update to a March 21 post where it revealed it left the passwords of up to 600 million Facebook, Facebook Lite and Instagram users combined stored in plain text. 

'Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,' Pedro Canahuati, Facebook's vice president of engineering, security and privacy, wrote in a blog post. 

'We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. 

'Our investigation has determined that these stored passwords were not internally abused or improperly accessed,' he added.

Facebook didn't specify how many millions of users were affected.  

Mail Online has reached out to Facebook for comment. 

The initial discovery, which was first revealed by security researcher Brian Krebs, uncovered archives dating back to 2012 that show users’ passwords in plain text. 

The company only first learned of the issue this past January.  

This latest admission marks the latest in a litany of privacy blunders that have hit Facebook in the past year. 

On Wednesday, Facebook acknowledged that it may have unintentionally uploaded email contacts of 1.5 million new users on the social media site since May 2016.

CEO Mark Zuckerberg testifies in front of the Senate Judiciary and Commerce committee after it was reported that some 87 million users had their info harvested by Cambridge Analytica

CEO Mark Zuckerberg testifies in front of the Senate Judiciary and Commerce committee after it was reported that some 87 million users had their info harvested by Cambridge Analytica

The contacts were not shared with anyone and the company is deleting them.

Last March, the firm disclosed that some 87 million users' information had been harvested and shared with Trump-affiliated campaign research firm Cambridge Analytica. 

Additionally, Facebook announced in September that it had been hit by its biggest breach on record, when 50 million users' private data was exposed as a result of a vulnerability in its 'View As' feature.

Video playing bottom right...
Click here to expand to full page
Loaded: 0%
Progress: 0%
-:-
Pause
Unmute
Fullscreen
Advertisement
ExpandClose

FACEBOOK'S PRIVACY DISASTERS

December 2018: Facebook comes under fire after a bombshell report discovered the firm allowed over 150 companies, including Netflix, Spotify and Bing, to access unprecedented amounts of user data, such as private messages.

Some of these 'partners' had the ability to read, write, and delete Facebook users' private messages and to see all participants on a thread. 

It also allowed Microsoft's search engine, known as Bing, to see the name of all Facebook users' friends without their consent.

Amazon was allowed to obtain users' names and contact information through their friends, and Yahoo could view streams of friends' posts.

As of last year, Sony, Microsoft, and Amazon could all obtain users' email addresses through their friends.

September 2018: Facebook disclosed that it had been hit by its worst ever data breach, affecting 50 million users - including those of Facebook boss Mark Zuckerberg and COO Sheryl Sandberg.

Attackers exploited the site's 'View As' feature, which lets people see what their profiles look like to other users.  

Facebook says it has found no evidence 'so far' that hackers broke into third-party apps after a data breach exposed 50 million users (stock image)  

Facebook says it has found no evidence 'so far' that hackers broke into third-party apps after a data breach exposed 50 million users (stock image)  

The unknown attackers took advantage of a feature in the code called 'Access Tokens,' to take over people's accounts, potentially giving hackers access to private messages, photos and posts - although Facebook said there was no evidence that had been done. 

The hackers also tried to harvest people's private information, including name, sex and hometown, from Facebook's systems.

Facebook said it doesn't yet know if information from the affected accounts has been misused or accessed, and is working with the FBI to conduct further investigations.

However, Mark Zuckerberg assured users that passwords and credit card information was not accessed.

As a result of the breach, the firm logged roughly 90 million people out of their accounts earlier today as a security measure.

March 2018: Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy.

The disclosure has prompted government inquiries into the company's privacy practices across the world, and fueled a '#deleteFacebook' movement among consumers.

Communications firm Cambridge Analytica had offices in London, New York, Washington, as well as Brazil and Malaysia.

The company boasts it can 'find your voters and move them to action' through data-driven campaigns and a team that includes data scientists and behavioural psychologists.

'Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,' with data on more than 230 million American voters, Cambridge Analytica claims on its website.

The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.

The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump

The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump

This meant the company was able to mine the information of 87 million Facebook users even though just 270,000 people gave them permission to do so.

This was designed to help them create software that can predict and influence voters' choices at the ballot box.

The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.

This information is said to have been used to help the Brexit campaign in the UK.

It has also suffered several previous issues.

Facebook data row: What is Cambridge Analytica?
Loaded: 0%
Progress: 0%
0:00
Previous
Play
Skip
Mute
Current Time0:00
/
Duration Time1:09
Fullscreen

In 2013, Facebook disclosed a software flaw that exposed 6 million users' phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users' profiles.  

 
Unmute

Facebook admits MILLIONS of Instagram passwords were stored in plain text

.

Social Media FAQs | Source

You May Like

Comments