Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.
  1. Home
  2. News
  3. Security

Facebook: We Stored Millions of Instagram Passwords in Plain Text

Facebook previously said it stored 'tens of thousands' of unencrypted Instagram passwords on its internal servers, but it was actually millions.

By Michael Kan
April 18, 2019
Instagram Login

Facebook on Thursday revealed that it accidentally stored "millions" of Instagram user passwords in plain text.

The disclosure comes a month after it admitted to accidentally storing "hundreds of millions" of unencrypted user passwords on the social network's internal servers. At the time, Facebook said the problem only affected "tens of thousands" of Instagram users. But it was wrong.

"We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others," Facebook said in an update to its original post on the incident.

How many users were affected isn't clear. The company told PCMag it doesn't have precise numbers to share. "This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way," a Facebook spokesperson said in an email.

According to Facebook, the company has uncovered no evidence of abuse or leaks with the stored credentials. Still, it's a good idea for affected users to change their passwords to stay safe.

Under the best security practices, companies should be storing passwords not in plain text, but through a method called hashing, which can effectively scramble the sensitive data into an unreadable format. So in the event a breach occurs, the hashing can prevent, or at least delay, a hacker from quickly exploiting the data.

So far, Facebook hasn't revealed how long it had been storing the Instagram passwords in plain text, what caused it, or how many employees may have had access to the information.

Recommended by Our Editors

Facebook
Facebook Collected Millions of Email Contacts Without Consent
The Why Axis chart - Concerned with Facebook Using Personal Data
Four Out of Five Americans Distrust Facebook and Hate Online Ads
Instagram Checkout
Instagram Checkout Lets You Buy Items Without Leaving the App

For added protection, Instagram users can consider activating two-factor authentication on their account, which will prevent unauthorized logins in the event a hacker successfully guesses or steals their password.

Facebook Asked New Users for Their Email Passwords
PCMag Logo Facebook Asked New Users for Their Email Passwords

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

Further Reading

Got a Phone Call From LastPass? Hang Up, It's a Phishing Scam
Got a Phone Call From LastPass? Hang Up, It's a Phishing Scam
By Michael Kan
Investigators Disrupt Phishing Page Creator LabHost, Arrest 37 Suspects
Investigators Disrupt Phishing Page Creator LabHost, Arrest 37 Suspects
By Michael Kan
Russia May Be Behind Hack of Texas Water Facility
Russia May Be Behind Hack of Texas Water Facility
By Michael Kan
Discord Users Are Being Tracked Through Data-Scraping Site
Discord Users Are Being Tracked Through Data-Scraping Site
By Kate Irwin
Ransomware Group Leaks Data From UnitedHealth Hack, Demands More Money
Ransomware Group Leaks Data From UnitedHealth Hack, Demands More Money
By Michael Kan
OpenTable Backtracks, Won't Add Real Names to Old Reviews
OpenTable Backtracks, Won't Add Real Names to Old Reviews
By Joe Hindy
EZ-Scam? FBI Issues Warning About Texts Demanding Toll Payments
EZ-Scam? FBI Issues Warning About Texts Demanding Toll Payments
By Emily Price
Delaware Woman Arrested for 'Sextortion' Schemes That Duped Thousands
Delaware Woman Arrested for 'Sextortion' Schemes That Duped Thousands
By Michael Kan

TRENDING

About Michael Kan

Senior Reporter

Michael Kan

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio

Read the latest from Michael Kan