Facebook Confirms Millions of Instagram Passwords Were Stored in Plain Text

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Apr 18, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Back in March, Facebook announced that millions of Facebook passwords were stored on its servers in plain text with no encryption. At the time, Facebook also said that "tens of thousands" of Instagram passwords were also stored in the same unencrypted format, but as it turns out, the actual number was much, much higher.

    In an update to its original blog post, Facebook now says that millions of Instagram passwords were stored on its servers in a readable format.

    These unencrypted, plain text passwords were accessible to thousands of Facebook employees, and while Facebook says that there's no "evidence to date" that anyone within Facebook abused or improperly accessed the passwords, it's highly concerning.

    Instagram user names, unlike Facebook usernames, can be highly appealing to thieves. Short names can sell for quite a lot of money, which makes Instagram passwords rather valuable.

    Facebook was not forthcoming about the discovery of additional impacted Instagram accounts, burying it in a month-old blog post and, as Recode points out, releasing the update just before the Mueller report came out and media sites were distracted.

    Facebook will be notifying Instagram users whose passwords were improperly stored, and Instagram users who are concerned about their accounts should change their passwords and make sure two-factor authentication is enabled.

    Facebook's latest security leak comes just a day after news spread that Facebook harvested the email contacts of 1.5 million Facebook users without their consent and used the data to build a web of social connections.

    Earlier this week, a scathing report also outlined how Facebook leveraged user data to punish its rivals and reward companies who paid heavily into Facebook advertising and shared data of their own.

    Article Link: Facebook Confirms Millions of Instagram Passwords Were Stored in Plain Text
     
  2. Am3r1ca16 macrumors 6502a

    Am3r1ca16

    Joined:
    Jul 17, 2012
    Location:
    New York City
    #2
    how much would a short name like potato sell for?
     
  3. Cyberpower678 macrumors 6502

    Joined:
    Apr 28, 2015
    Location:
    Everywhere
    #3
    And people are still trusting and using Facebook, why again?
     
  4. bigboyz12000 macrumors member

    bigboyz12000

    Joined:
    Jan 2, 2011
    Location:
    USA
    #4
    Every week/month we find out that either email or social media outlets are shockingly careless when it comes to the data of the user. At the most a multi-billion dollar entity gets hit with a fine that is like them handing out a $20. Maybe we should all stop using their services and see how they are affected? Nobody NEEDS FB.
     
  5. ritmomundo macrumors 68000

    ritmomundo

    Joined:
    Jan 12, 2011
    Location:
    Los Angeles, CA
  6. doomfront macrumors regular

    Joined:
    Sep 19, 2012
    #6
    You're better off assuming that all of your credentials have been compromised, or could easily be compromised. Use multi-factor whenever possible.
     
  7. rafark macrumors 6502a

    rafark

    Joined:
    Sep 1, 2017
    #7
    I understand Facebook has made many mistakes, but lately the media seems to be trying so hard to destroy Facebook.
     
  8. itsmilo macrumors 68020

    itsmilo

    Joined:
    Sep 15, 2016
    Location:
    Europe
    #8
    I am surprised the EU is staying so quiet about this whole mess.

    Lobbying is a hell of a thing I guess
     
  9. gugy, Apr 18, 2019
    Last edited: Apr 18, 2019

    gugy macrumors 68040

    gugy

    Joined:
    Jan 31, 2005
    Location:
    La Jolla, CA
    #9
    What a mess. I'm done with Facebook for good months ago. I still use Instagram and like it. Glad I changed my IG password recently.
     
  10. dumastudetto macrumors 68040

    Joined:
    Aug 28, 2013
    #10
    It beggars belief that a company the size of Facebook can allow these problems to manifest. I guess they have problems attracting the best engineering talent. Who on earth would want to work for Facebook if your skills allow you to take your pick for similar roles elsewhere?
     
  11. coolfactor macrumors 68040

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #11
    They hired the wrong developers. No educated developer would EVER store passwords in plain text, at any time... ever. The fact that this happened is just wrong.

    In their report, they use the word "logs", so this suggests that the developer(s) involved were logging the activity, likely to plain-text log files, storing the passwords in the log entries. This was probably not a login database that was involved, but log files used for debugging during development. Still wrong, very wrong.
    --- Post Merged, Apr 18, 2019 ---
    You realize these were Instagram passwords that were exposed, right?
     
  12. apolloa macrumors G4

    Joined:
    Oct 21, 2008
    Location:
    Time, because it rules EVERYTHING!
    #12
    And I see people on here moan about Amazon’s apparent invasion on privacy, how they don’t dare ever own an Echo.. and then they go and use Facebook :rolleyes: Utter hypocrites!

    Remember folks, Zuckerberg would literally sell YOUR soul if he could get it, for cash...

    The writing was on the wall about this years and years ago. Plenty of reports about Facebook's complete disregard for security and privacy going back a way.
     
  13. Vanilla35 macrumors 68040

    Vanilla35

    Joined:
    Apr 11, 2013
    Location:
    Washington D.C.
    #13
    I hope they keep it up.
    --- Post Merged, Apr 18, 2019 ---
    They're also authoritarian, which employees don't appreciate.
     
  14. coolfactor macrumors 68040

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #14
    The size and compartmentalization of big companies is likely a contributing factor to the problem. It's not a small intimate development shop where developers work together and are invested in putting their best foot forward. Likely, it was a team in some dusty backyard building where developers only cared about churning out a working system for Instagram, quality and care aside. As the team changed, this logging of passwords was forgotten and never corrected, until someone stumbled across it one day.
     
  15. zooland macrumors member

    zooland

    Joined:
    Aug 17, 2005
    Location:
    The Netherlands
    #15
    And for the right reasons, the better of mankind.
     
  16. Intellectua1 Suspended

    Intellectua1

    Joined:
    Jun 3, 2016
    Location:
    Seattle, Washington
    #16
    I'm glad I got off FB when Facebook asked me to verify my identity by sending a copy of my ID because I wasn't using my real name, that also prompted me to delete Instagram and Whatsapp as well as firewall any connection to Facebook and Instagram's servers on my phone. Facebook will never get any more info from me. The tricky part is there are apps that include Facebook sign-on and ad services that you have to block per app. I haven't gone thru all my apps yet but the firewalls should be enough.
     
  17. apolloa macrumors G4

    Joined:
    Oct 21, 2008
    Location:
    Time, because it rules EVERYTHING!
    #17
    I sssoooooo want to delete WhatsApp but my damn sister and brother in law INSIST on using it, despite both having fecking iPhones!!!!!! Mind you they use Facebook still too and their kids use Instagram..
    And typically my idiot brother in law keeps asking me if I mind Amazon recording what I ask Alexa... :rolleyes:o_O
     
  18. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #18
    I'm waiting for this one:

    "We accidentally sold your personal data, including our records of where in your home you keep your valuables and what time you leave the house, to an association of professional thieves. We've now corrected our procedures and promise not to do this again, at least not very often."
     
  19. Mimiron macrumors member

    Joined:
    Dec 12, 2017
    #19
    Yeah unfortunately, need to use it for business, otherwise it would have been deleted ages ago.
     
  20. farewelwilliams macrumors 68020

    Joined:
    Jun 18, 2014
    #20
    maybe...just maybe...allow 1 hour where one executive can check to see if any more passwords are stored in plain text anywhere.

    i learned to not store plain text passwords anywhere when i was 16.

    or...,i'm no test engineer, but maybe write a script that creates 1 dummy account with a long random password (like d0803a4b93b8ab8c4954b8c88094d70c) and have a cron job that occasionally checks all logs/databases to see if that password exists. do it once a week.
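
    The canary check suggested in post #20, sketched as an added example that is not part of any forum post and is not Facebook's tooling. The function names, the `CANARY_PASSWORD` environment variable, the `canary_probe` account and the sample log lines are assumptions made for illustration; it goes slightly beyond the post by also matching base64- and hex-encoded copies of the value.

```python
import base64
import os
import secrets
import sys
from pathlib import Path

def make_canary(nbytes=16):
    """Random password for the dummy account (16 bytes -> 32 hex chars)."""
    return secrets.token_hex(nbytes)

def variants(canary):
    """Byte patterns to look for: as typed, base64-encoded, hex-encoded."""
    raw = canary.encode()
    return {"plain": raw, "base64": base64.b64encode(raw), "hex": raw.hex().encode()}

def scan_lines(lines, canary):
    """Return (line_number, encoding) for every line that contains the canary."""
    needles = variants(canary)
    return [(n, name)
            for n, line in enumerate(lines, 1)
            for name, needle in needles.items()
            if needle in line]

def scan_tree(root, canary):
    """Scan every regular file under root; return (path, line_number, encoding)."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                hits += [(str(path), n, enc) for n, enc in scan_lines(fh, canary)]
    return hits

# Constructed sample: the canary is the example value quoted in the post, and
# the log lines are invented for illustration.
SAMPLE_CANARY = "d0803a4b93b8ab8c4954b8c88094d70c"

def sample_log(canary):
    return [
        b"2019-04-18T10:00:01Z INFO login ok user=canary_probe\n",
        b"2019-04-18T10:00:02Z DEBUG POST /login user=canary_probe&password="
        + canary.encode() + b"\n",
        b"2019-04-18T10:00:03Z DEBUG auth blob=" + base64.b64encode(canary.encode()) + b"\n",
        b"2019-04-18T10:00:04Z INFO session created\n",
    ]

if __name__ == "__main__":
    # Assumed cron usage: CANARY_PASSWORD=... python scan_canary.py <log_dir>
    # The canary comes from the environment so it never lands in argv or shell history.
    found = scan_tree(sys.argv[1], os.environ["CANARY_PASSWORD"])
    for hit in found:
        print("canary found: %s line %d (%s)" % hit)
    sys.exit(1 if found else 0)
```

    A hit only proves that the code path the dummy account exercised writes credentials to disk, so the account has to log in through every client and endpoint being checked. Compressed or rotated archives need decompressing before a scan like this sees them.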
     
  21. Cyberpower678 macrumors 6502

    Joined:
    Apr 28, 2015
    Location:
    Everywhere
    #21
    Say what now?
     
  22. Intellectua1 Suspended

    Intellectua1

    Joined:
    Jun 3, 2016
    Location:
    Seattle, Washington
    #22
    I only use it to talk to friends overseas and I just told them I'm no longer going to use WhatsApp so we need to switch to something else. I don't think it was much of a hassle as we've switched thru almost all the popular IM apps over the years so they were fine with it, and I'm sure they still use it, just not to message me since I don't use it
     
  23. derek macrumors member

    derek

    Joined:
    Aug 3, 2001
    Location:
    Syracuse, NY
    #23
    FacePlantBook. Oh, FacePlantBook. Why art thou so bloody stupid? OMF.
     
  24. niun macrumors 6502a

    niun

    Joined:
    Mar 31, 2015
    #24
    A mistake is not something FB makes. They didn't mistakenly sell personal data of millions of users.
    This is not some start-up with a sleepy admin at the wheel.
    They are criminals. Plain and simple.
     
  25. Intellectua1 Suspended

    Intellectua1

    Joined:
    Jun 3, 2016
    Location:
    Seattle, Washington
    #25
    Firewalls, System Wide AdBlocking, etc. I have over 66k ad domains blocked on my phone as well as *Facebook com and *Instagram com graph.facebook com etc.
     
