You are using an older browser version. Please use a supported version for the best MSN experience.

Facebook now says ‘millions’ of Instagram passwords were exposed internally

MarketWatch logo MarketWatch 18/04/2019 Mike Murphy

(Video by: The Washington Post)

Facebook Inc. said Thursday that a security incident that exposed Instagram passwords internally was significantly worse than first thought.

After announcing in March that a security review had found that “tens of thousands” of Instagram users’ passwords had been wrongly stored in plain text, Pedro Canahuati, Facebook’s vice president of engineering, security and privacy, said Thursday that the issue is now estimated to have affected “millions” of Instagram users.

a close up of a logo: The passwords of millions of Instagram users were exposed on Facebook’s internal servers. © Getty Images The passwords of millions of Instagram users were exposed on Facebook’s internal servers. “We will be notifying these users as we did the others,” Canahuati wrote Thursday in a blog post. “Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Typically, Facebook and Instagram passwords are masked on the company’s internal servers so that not even Facebook employees can see them. In March, Facebook said the exposed passwords had been stored in logs accessible to some internal engineers and developers, and that the issue had been fixed.

Facebook (FB)  did not specify Thursday how many millions of Instagram users were affected, and said the additional information was discovered “only recently.”

Facebook's founder and CEO Mark Zuckerberg © Thomson Reuters Facebook's founder and CEO Mark Zuckerberg The updated information was added to a month-old blog post Thursday morning, shortly before the Mueller report was made public in Washington, leading someonsocialmediato speculate that Facebook was trying to play down the news.

“This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way. There is no evidence of abuse or misuse of these passwords,” a Facebook spokesperson said via email.

In the original March announcement, Facebook said the password issue also affected “hundreds of millions of Facebook Lite users,” and “tens of millions of other Facebook users,” and that those users, too, would be notified of the incident.

Gallery: 26 tech fails that ruined people's lives (PocketLint)

The password issue is the latest in a series of privacy-related incidents that have plagued Facebook in the past few years, most notably the Cambridge Analytica data scandal, in which personal data from 87 million users was used without their consent. On Wednesday, Reuters reported Facebook had “unintentionally uploaded” email contacts of 1.5 million new users since March 2016.

Facebook shares, though, have been nearly impervious to bad news in recent months — they rose slightly Thursday and are up 36% year to date, compared with the S&P 500’s (SPX)  16% gain this year.


More From MarketWatch

image beaconimage beaconimage beacon