Facebook Confirmed Millions of Instagram and Facebook Passwords Might Be Compromised

Last month we quoted multiple sources confirming that Facebook had unintentionally left the passwords of approximately half a billion people readily visible to the company’s employees. What caused a stir in the social world is the fact that those passwords were saved in plain text. The anonymous Facebook employee who told the world about this said that it is likely that millions of passwords have been sitting around on the Facebook servers in a plain, searchable format.

It didn’t take long for Facebook to acknowledge the problem, but in its first statement the company said that the number of affected users was not as significant as had been claimed. This is no longer the case, as Facebook posted an update to the story on April 18th.

The update states that since the initial post was published, Facebook’s cybersecurity researchers have discovered additional logs of Instagram passwords being stored in a readable format. While the social-media platform initially said that there might be only tens of thousands of improperly stored passwords, most of them belonging to users of Facebook Lite, it has now confirmed that this issue impacted a large number of Instagram users too. Facebook’s press office said that the number of passwords stored in a readable format is now in the millions. The social media network is currently notifying the newly affected users, as it did with the initially affected users.

Even though Facebook’s internal investigation has determined that there is no concrete evidence that those stored passwords have been internally abused or improperly accessed, it is currently unknown whether the passwords have been misused. It is possible that the passwords might have been copied and taken away from Facebook’s servers.

Facebook has not updated its blog post with a specific number, so the exact number of exposed passwords remains unknown. It is also still unknown for how long these passwords were exposed and who has seen them. According to the Facebook employee who broke the news to the media, there have been more than 10 million internal queries for data elements that contain passwords in plain text, which means that each one of the 20 thousand employees who had access to these databases might have made approximately 500 requests against the database containing plain text passwords.

Even if you have not received an email from Facebook asking you to change your password, it is possible that your Facebook and/or Instagram passwords might have been exposed. There has never been a better time to go change your password. Instead of hoping that your password has not been compromised and that you won’t get the email from Facebook, we recommend that you change your password. It is particularly important to do so if you have used the same password on multiple websites. If you are afraid that you may not remember the password after you change it, you can always take advantage of a password manager that can store all these hard-to-remember combinations.