A full month after Facebook admitted it mistakenly stores hundreds of millions of plain text passwords where employees can see them, discreetly adds a significant update: millions of Instagram passwords are also affected.
"Since the publication of this article, we have discovered additional journals of Instagram passwords stored in a readable format," Facebook wrote. "We now estimate that this problem has affected millions of Instagram users." We will inform these users in the same way as others. "Our investigation determined that these stored passwords had not been misused internally or used improperly."
The company did not explain why it took four weeks for this additional information to be added to its original disclosure, or why it chose to do so almost at the same time as all the panic. Mueller reported dropped.
The initial password problem was only reported after KrebsOnSecurity revealed its existence thanks to an anonymous prognosis. According to their sources, about 20,000 employees had access to passwords. We now know that millions of Instagram passwords were circulating in search of employees, although Facebook says they have not found proof.
But even if Facebook does not claim anything, it comes from the mistake, it is alarming that the company is so careless with Instagram passwords. Many Instagram users already treat frequent hacking attempts, and users whose accounts are hacked are often unable to recover them because of Instagram imperfect support system. The fact that so many passwords have been exposed does not support the company's claims that it is concerned about the security of its users.
It is also disturbing that the company is waiting for one of the most memorable political events of recent memory to disclose this information and buries it in a one month old press release. Instagram says that it will directly notify the people involved. All users should therefore closely monitor emails from Instagram. (And, needless to say, if you do not receive such an email from Facebook, you must change your password.)