It’s not a long time since Facebook’s mishap with password storage unearthed. In a recent series of events, Facebook admitted that the issues with the encryption system caused the passwords of millions of Facebook users to be stored on the servers in plain text. Almost all of the employees of Facebook had access to the stored passwords of 540 million users. Now, Facebook has admitted that the 540 million passwords included the passwords of Instagram users too. As Facebook owns Instagram, the company employees had access to the passwords of Instagram users in plain text for over a month.
This is another major security fiasco for Facebook as they are facing a lot of problems with security. Recently, Facebook imported and uploaded email contacts from new users. The issue was with the encryption system, which failed and stored the data unintentionally in unencrypted mode. After security agency “Krebs on Security” unearthed the secret, Facebook admitted the blunder and decided to delete the plain text files and inform users to change the password. On March 21, Facebook shared a blog post with the details about plain text password storage fiasco. The admission has been updated in the same blog post.
In the blog post update, Facebook said that the engineers inspected the servers and found additional logs of Instagram passwords saved in the readable format. The company said they’ve checked if the stored passwords are used by an internal member or misused by any means and found that they were safe. Still, the millions of users will get the notification to change the passwords for safety reasons. Finding the logs of stored passwords after a month is considered as the significant loss for Facebook, as the critical safety issues should not go unnoticed from the system and the eyes of security engineers.