#Fail: Facebook Stores Millions Of Instagram Passwords In Plain Text…. Still Another Reason To #DeleteFacebook

You might recall that back in March, those fine people at Facebook, who happen to own Instagram, had this happen to them:

Brian Krebs has an exclusive story on his blog, which for the record should be a must read for the security conscious out there, which details that Facebook stored hundreds of millions of passwords in plain text for years.

So, fast forward to today. In an update to its original blog post, Facebook now says that millions of Instagram passwords were stored on its servers in a readable format. That’s right, MILLIONS of Instagram passwords. Instagram user names, unlike Facebook usernames, can be highly appealing to thieves. Short names can sell for quite a lot of money, which makes Instagram passwords rather valuable. So if you didn’t change your Instagram password when this news first broke, doing so now is a really


The problem with this is that even though this is new news, it’s buried in an old blog post. So while they can say that they put this news out there, it’s done in a manner that is designed not to attract attention. That’s pretty shifty by Facebook and it highlights that it doesn’t take the security of its users seriously. Nor does it want to take responsibility when it screws us. Which these days is frequently. This is yet another reason to #DeleteFacebook because they don’t deserve your time and attention.

2 Responses to “#Fail: Facebook Stores Millions Of Instagram Passwords In Plain Text…. Still Another Reason To #DeleteFacebook”

  1. Gordon Woodmansey Says:

    This would be hilarious if it wasn’t so serious. Strongly safe ways of storing passwords have been blogged about and written up for years. It would take a typical programmer a morning to implement and test any of these methods. Why are these companies so stupid with basic information?

  2. […] The company is now facing an investigation in Ireland. Apparently Ireland’s Data Protection Commission is looking into Facebook’s practices to see whether they violate Europe’s GDPR. Specifically over the fact that the company stored millions of passwords in plain text: […]
