Millions of Instagram Passwords were Stored Unencrypted on Facebook’s Servers

Last month, Facebook announced that it had stored “tens of thousands” of Instagram passwords unencrypted on its servers, meaning Facebook employees could access them. Today, the company has updated that blog post to reflect that actually, “millions” of Instagram users, not “tens of thousands,” were impacted, as noted by Recode.

The social networking giant had revealed last month that tens of millions of Facebook users’ passwords were also stored unencrypted on its servers. Following today’s update, a Facebook spokesperson once again reiterated that “there is no evidence of abuse or misuse of these passwords.”



Here’s what Facebook wrote in its updated statement:

“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Facebook is already being investigated by numerous government agencies, including the FTC and the DOJ, for its data collection and privacy practices, although it remains unclear whether issues like unencrypted password storage will play a role in those investigations.