Author Topic: Facebook breaches users’ security yet again, this time it’s Instagram  (Read 273 times)

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35126
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Just a day after admitting they have “unintentionally” uploaded emails of nearly 1.5 million users, Facebook has now admitted of a breach in Instagram. The company says the new breach is in relation to the breach reported last month.

If you remember, we reported that Facebook stored passwords of Facebook users in a readable form. The issue was admitted by Facebook last month and Facebook assured that it has been fixed since then. Unfortunately, it looks like the issue was not solved after all as the company admitted to storing passwords of Instagram users in plain text as well.

Quote
We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.

Our investigation has determined that these stored passwords were not internally abused or improperly accessed. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution will be notifying everyone whose passwords we found stored this way.

– Pedro Canahuati, Vice President, Engineering, Security and Privacy, Facebook
For those who don’t know, companies store users’ passwords in an encrypted format, one that can be decrypted only by a machine to prevent the abuse of passwords. This is one of the reasons why you don’t get your password back when you reset it. However, storing passwords as plain text means anyone with access can view the email ID and the corresponding password and use it to log in without any issues.

While Facebook has assured that the passwords weren’t accessed we don’t have a sure way of knowing if that’s true. So it might be a good idea to change your Instagram password and not use the old password anywhere else.

source