Facebook has admitted to Krebs on Security that it stored millions of its Instagram users’ passwords in plain text, which left the data exposed.
Facebook had previously reported that “tens of thousands of Instagram users” had their passwords exposed; however, they have now found that the magnitude of the issue was much larger.
The exposure of these passwords reportedly began for some of these users as far back as 2012 and resulted in them being accessible to over 20,000 Facebook employees.
“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data,” said Facebook software engineer Scott Renfro.
Facebook said it will contact all users affected by this issue.
In a separate issue, The Verge reports that between May 2016 and March 2019, over 1.5 million Facebook users had their email contacts accessed and “unintentionally uploaded” to its platform.