Just a month ago, Facebook admitted it had mistakenly exposed hundreds of millions of passwords by storing them in plaintext where employees could access them.
Facebook had announced back then that thousands of Instagram passwords were also leaked in the unencrypted storage blunder. Now, the company has quietly added a major update to that news: not “tens of thousands” but “millions” of Instagram users were actually affected by the leak.
The social media company confirmed the same in its updated blog post that was first published on March 21. It now says:
“We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users.”
Facebook says that there is no evidence of internal abuse of passwords and the affected users will be notified of the same. The company, however, refrained from mentioning exactly how many millions of accounts were affected.
For those who don’t know, the incident that happened last month involved storing Facebook user passwords on an unencrypted server for years, dating as far back as 2012. These logs were accessible to some 2,000 engineers and developers.
The sensitive data was not exposed outside of the company, but Facebook still owes an explanation on how the bug occurred.