Millions of Instagram passwords stored in plain text

Bradley Prior

MyBroadband Journalist

Facebook has admitted to Krebs on Security that it stored millions of its Instagram users’ passwords in plain text, which left the data exposed.

Facebook had previously reported that “tens of thousands of Instagram users” had their passwords exposed; however, they have now found that the magnitude of the issue was much larger.
 

ekske1

Doesn't matter if it's in plain text and you are using something like Boobs12345, reusables or a weak password for your vault.

However both parties should take care to properly protect their secret. What is funny; is the 'stored in plain text' dramatization and gasping without due note towards both sides. [Especially if you involve a bit of social engineering / multi layered enterers.]
 

quovadis

Doesn't matter if it's in plain text and you are using something like Boobs12345, reusables or a weak password for your vault.

However both parties should take care to properly protect their secret. What is funny; is the 'stored in plain text' dramatization and gasping without due note towards both sides. [Especially if you involve a bit of social engineering / multi layered enterers.]

The ramifications where one party exposes the passwords of millions of others where a large percentage of those affected use the same credentials for other websites is why it matters.
 

ekske1

The ramifications where one party exposes the passwords of millions of others where a large percentage of those affected use the same credentials for other websites is why it matters.
And 'both sides' in my reply excluded this? I've covered this..
 

Little Mac

Doesn't matter if it's in plain text and you are using something like Boobs12345, reusables or a weak password for your vault.
Not sure what the user's weak password has to do with Instagram storing passwords in plain text. Passwords should never be stored, period.
 

j4ck455

Not sure what the user's weak password has to do with Instagram storing passwords in plain text. Passwords should never be stored, period.

Exactly that: passwords should be encrypted using one-way encryption (repeat 10 times is becoming the accepted norm); only the one-way encrypted hash should be stored in a database that is also heavily protected.

It's as if Zuckerberg's dev team is comprised of only ex-Microsoft employees.
 

Little Mac

Exactly that: passwords should be encrypted using one-way encryption (repeat 10 times is becoming the accepted norm); only the one-way encrypted hash should be stored in a database that is also heavily protected.

It's as if Zuckerberg's dev team is comprised of only ex-Microsoft employees.
Strictly speaking, a hash is not encryption. Encryption is reversible; hashing is not, though I see a lot of people referring to hashing as one-way encryption. It's just one of those semantics things, I guess. As long as people know what it means.
 

ekske1

Not sure what the user's weak password has to do with Instagram storing passwords in plain text. Passwords should never be stored, period.
If you nor quovadis can or want to see that both sides could be in the wrong [as my original reply] and that the clear text part(s) were not excluded; then there is little to no point in continuing beyond this.
 

Little Mac

If you nor quovadis can or want to see that both sides could be in the wrong [as my original reply] and that the clear text part(s) were not excluded; then there is little to no point in continuing beyond this.
Your reply doesn't even follow basic language rules. Please attempt to explain again what you were saying.
Bottom line is the article is about what FB and Instagram did with your password. How does that relate to what you did with your own passwords? The breach is with FB.
If I'm following what you're saying, it's a bit like saying "Sure, city of Joburg didn't have working fire hydrants in its affluent suburbs, but if you're going to store flammable liquids in your garage adjacent to your braai, you're just as much to blame if your place goes up in smoke". The second point would have little to do with the first and was never in question to start with - you just added that to state the obvious which is 'follow good security practice yourself'.
 