Photo by Chip Somodevilla/Getty Images
- Facebook has stored millions of Instagram users' passwords in an unencrypted format easily readable by its employees for years.
- The news came on Thursday by way of an update to an existing company blog post, which in March, announced that unencrypted passwords for hundreds of millions of Facebook and Facebook Lite users had been accessible on its internal servers.
- At the time, the company also said the same issue affected "tens of thousands" of Instagram users.
- On Thursday, that number was updated to "millions."
- Visit BusinessInsider.com for more stories.
Facebook has stored millions of Instagram users' passwords in an unencrypted format easily readable by its employees for years, the latest in a series of high-profile security missteps committed by the Silicon Valley giant.
The news came on Thursday by way of an update to an existing company blog post, which in March, announced that unencrypted passwords for hundreds of millions of Facebook and Facebook Lite users had been accessible on its internal servers. At the time, the company also said the same issue affected "tens of thousands" of Instagram users.
On Thursday, that number was updated to "millions."
Facebook said that since its previous post - on March 21 - it had discovered "additional logs of Instagram passwords being stored in a readable format," but that its "investigation has determined that these stored passwords were not internally abused or improperly accessed."
The company said it would notify affected users.
Back in March, Facebook said it discovered the vulnerability during a "routine security review" at the beginning of the year. The cybersecurity journalist Brian Krebs said the issue existed as far back as 2012.
The incident adds to a long line of serious scandals and crises to wrack Facebook over the past two years - many of which have been security- or privacy-related. Just yesterday, Business Insider discovered that the tech giant had been harvesting the email contacts of 1.5 million new users without their knowledge or consent.