During a routine security review back in January 2019 Facebook caught a serious issue. As it turns out, some user passwords were stored in a readable format, making it possible for Facebook employees (but not anyone outside of the company) to find and view. While the initial announcement noted that hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users were affected, a more recent discovery noted a much larger problem.
So how many Facebook and Instagram users are actually affected by this security issue? According to an update published Apr. 18, Facebook found additional logs of Instagram passwords stored in a readable format—bringing the current estimate of affected IG users to somewhere in the millions range.
photo: Toni Hukkanen via Unsplash
If you’re wondering if Facebook routinely stores passwords in readable text, the answer is no. The company’s security “best practices” include masking all passwords, making it impossible for anyone (including company employees) to see them. But, in this case, internal problems didn’t allow the proper masking to happen.
Before you worry too much, Facebook assures its users that the problem is fixed. Beyond that, when the initial issue was detected Facebook didn’t find evidence of employee misuse of the readable text passwords.
Users affected by this security issue will receive notification from Facebook. If you haven’t heard anything, but still have concerns, changing your passwords is always a good idea.