FACEBOOK has admitted that millions of Instagram passwords have been left exposed for the tech giant’s employees to see.
The revelation comes one month after Facebook said it had mistakenly stored hundreds of millions of its users’ passwords in plaintext that workers could read.
Facebook has admitted that millions of Instagram passwords have been left exposed for the tech giant’s employees to see[/caption]
And yesterday Facebook added that millions of Instagram passwords were also affected in yet another privacy blunder.
The unencrypted passwords were stored in logs that were readable and searchable by more than 20,000 Facebook employees.
In an update to a March blog post, Facebook wrote: “We discovered additional logs of Instagram passwords being stored in a readable format.
“We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.
“Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”
The original post had stated that tens of thousands of Instagram user passwords had been exposed – but this number has now been significantly increased.
In March, cybersecurity reporter Brian Krebs in March revealed that up to 600 million Facebook passwords had been exposed in an internal database that was searchable by employees.
He uncovered archives dating back to 2012 that show users’ passwords in plain text.
Shortly after, Facebook admitted in a blog post that it had found user passwords were stored “in a readable format within our internal data storage systems.”
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” the blog post stated.
“We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
It comes one day after Facebook admitted it may have “unintentionally uploaded” the email addresses of 1.5 million new users since May 2016.
The social media firm reportedly harvested these contacts without users’ knowledge or consent when they opened their accounts.
In March, Facebook had stopped offering email password verification as an option for people who signed up for the first time, the company said.
There were cases in which email contacts of people were uploaded to Facebook when they created their account, the company said.
“We estimate that up to 1.5 million people’s email contacts may have been uploaded.
“These contacts were not shared with anyone and we are deleting them,” Facebook told Reuters, adding that users whose contacts were imported will be notified.
The underlying glitch has been fixed, according to the company statement.
Business Insider had earlier reported that the social media company harvested email contacts of the users without their knowledge or consent when they opened their accounts.
When an email password was entered, a message popped up saying it was “importing” contacts without asking for permission first, the report said.
Facebook has been hit by a number of privacy-related issues recently, including a glitch that exposed passwords of millions of users stored in readable format within its internal systems to its employees.
MOST READ IN TECH
Last year, the company came under fire following revelations that Cambridge Analytica, a British political consulting firm, obtained personal data of millions of people’s Facebook profiles without their consent.
The company has also been facing criticism from lawmakers across the world for what has been seen by some as tricking people into giving personal data to Facebook and for the presence of hate speech and data portability on the platform.
Separately, Facebook was asked to ensure its social media platform is not abused for political purposes or to spread misinformation during elections.