Last month, Facebook admitted it had mistakenly left hundreds of millions of passwords in plain sight for their employees to see. In the aftermath, the company confessed millions of Instagram passwords were also endangered.
Facebook didn’t explain why they chose to reveal this piece of information a month after the first disclosure, exactly when the Mueller report (about Russia’s involvement in the 2016 presidential election) was released. Coincidence? Maybe.
Remember when KrebsOnSecurity revealed the first password issue thanks to an anonymous tipster? According to the tipster, around 20,000 Facebook employees had access to the passwords, not millions as we know at this point.
“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” Facebook explained. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed,” the company added.
As a consequence of the misplaced data, many users were affected by hacking attempts, and some of them were unable to get their accounts back because of the platform’s security system, which could definitely use improvements.
If you receive a notification from Instagram that your password has been exposed, definitely change it ASAP.