How Facebook exposed millions of users' passwords

Last month, Facebook revealed that millions of Instagram and Facebook passwords were stored in plaintext and were accessible by engineers. Now, the company has issued an update on the situation; revealing that the situation is worse than it originally stated. Facebook today updated its blog post from March 21st about the incident. The company says that it has discovered “additional logs of Instagram passwords” that were stored in a readable format. In terms of scale, Facebook says this issue affected "millions of users". The company adds that its investigation determined that these passwords were not “abused or improperly accessed.” Nonetheless, affected users will be notified by Instagram and instructed to change their passwords. Last month, Facebook said that it found through a “routine security review” that some user passwords were being stored in a readable format within our internal data storage systems. Today’s update on the situation, however, paints a much darker picture – revealing that millions of Instagram users were affected by the security lapse. It still seems that the passwords were not accessible outside of Facebook and Instagram employees. Last month, the company said that 2,000 engineers and developers could have accessed the passwords. As always with an incident like this, you’ll want to change your Instagram and Facebook credentials just to be safe, even if you don’t hear from Instagram that you were technically affected. Read Facebook’s full update on the situation below. “We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”