Facebook states that they have discovered logs of Instagram passwords being stored in readable format that has impacted millions of Instagram users.
Facebook claims that their investigation found that stored passwords were not internally abused or improperly accessed.
The issue had first surfaced in March, when Facebook said that as a part of routine security review in January, they found that user passwords were being stored in readable format within their data storage systems. It reportedly affected hundreds of millions of Facebook Lite users and tens of millions of other Facebook users.
Passwords should be stored in an encrypted format, for the website to confirm it without reading it. Various errors seemed to have caused Facebook’s systems to store passwords in plain text since as early as 2012, as reported by Kerbs.
In another recent scandal by Facebook, they “unintentionally uploaded” email contacts of 1.5 million new Facebook users since May 2016. A security researcher had noticed Facebook was asking users for their email passwords and Business Insider then discovered that once an email password was entered, a pop-up appeared saying that it was importing your contacts without asking for permission first. In a statement made to Business Insider a company spokesperson said, it “unintentionally uploaded” the email contacts and is now deleting them.